Quick Guide: GlobalProtect VPN (Secure Remote Access) Setup

The GlobalProtect VPN application allows access to protected campus resources (like Mentor) from off-campus locations or from the Guest wireless network. It may also be required to access other specialized, restricted network services or software. This guide goes through the steps to install, configure, and connect to GlobalProtect VPN (as well as set up Duo Two Factor Authentication if you have not already done that).


This article is intended for: faculty, staff, students, and college affiliates.


Microsoft Windows, Apple MacOS


  1. Install the GlobalProtect VPN
  2. Configure VPN
  3. Full tunnel VPN configuration
  4. Set up Duo Two Factor Authentication

Install GlobalProtect VPN

  1. Connect to https://vpn.ithaca.edu on the computer where you would like to install the VPN application.
  2. Log in to the portal with your Netpass username and password.
  3. Click the link to download the appropriate GlobalProtect application for the Windows or Mac computer. Most machines are either 64-bit Windows or 32/64-bit Mac computers.
  4. Run the downloaded installer.
    1. Leave the default options selected as you proceed through the installation.
    2. You may delete the install package once complete, if prompted.

Configure GlobalProtect

  1. Open the GlobalProtect client from the notification area. (It is a small white globe when not connected.)

Note: if you are on MacOS High Sierra or later, you will need to complete a few additional steps. You may also see the following notification after installation: [Screenshot of MacOS "System Extension Blocked" notification indicating that an extension by Palo Alto Networks was blocked from running.]

  1. Open System Preferences.
  2. Click on Security & Privacy.
  3. Unlock the padlock at the bottom of the window to make changes, if it is locked.
  4. Above the padlock, there will be a message to allow software from Palo Alto Networks to run. Click Allow. [Screenshot of MacOS notification that software from Palo Alto Networks was blocked, with a button to allow this software to run on the right side of the image.]
  1. Fill in the Portal Address: vpn.ithaca.edu
    1. This is our full-tunnel VPN, so when you're connected, all your traffic to any destination will be encrypted, flow through our VPN gateway, and be logged.
      1. This is good for most purposes, but see the instructions below for our split-tunnel VPN alternative.
  2. Fill in the following when GlobalProtect connects to the portal:
    1. Username: Netpass Username
    2. Password: Netpass Password
  3. If you already have Duo configured, click Connect.

  Duo Two Factor Authentication is required for the VPN. If you do not have it configured, follow these directions to enroll: https://ithaca.teamdynamix.com/TDClient/KB/ArticleDet?ID=402

  1. When GlobalProtect VPN begins to connect, the application will request to authenticate with Duo via your primary authentication method.
  2. Once connected, the GlobalProtect VPN icon will change to a globe with a check mark.

Alternative: Configuring the Split-Tunnel VPN

While the regular VPN tunnel should meet most needs, there may be times when you would prefer that non-IC-related network traffic not be routed through the IC network.

On VPN versions earlier than 4.1:

1.) Change the portal from vpn.ithaca.edu to vpnsplit.ithaca.edu and connect.

On VPN client versions 4.1 and later:

1.) Click on the GlobalProtect icon in your system tray
2.) Click on the gear in the top right, and select Settings
3.) Under Portals, Click Add, and type: vpnsplit.ithaca.edu
4.) This should now be selectable as a portal choice on the drop down on the main connection screen
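
To confirm which of the two portals is actually in effect, the full-tunnel and split-tunnel behavior described above can be checked against a routing table. The following is an added example, not code from Ithaca College or Palo Alto Networks; it assumes the tunnel shows up as ordinary route entries, and the interface names, metrics, and addresses (documentation ranges) are constructed placeholders.

```python
import ipaddress

# Constructed route tables: (destination prefix, interface, metric).
# "vpn0"/"eth0" and 198.51.100.0/24 as the "campus" range are placeholders.
FULL_TUNNEL = [
    ("0.0.0.0/0", "vpn0", 1),     # default route pushed through the tunnel
    ("0.0.0.0/0", "eth0", 25),    # original default route, now less preferred
]
SPLIT_TUNNEL = [
    ("0.0.0.0/0", "eth0", 25),          # internet traffic stays on the local link
    ("198.51.100.0/24", "vpn0", 1),     # only the campus range enters the tunnel
]
NOT_CONNECTED = [
    ("0.0.0.0/0", "eth0", 25),
]


def egress_interface(routes, dest):
    """Return the interface a host would pick for dest:
    longest matching prefix first, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    candidates = []
    for prefix, iface, metric in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            candidates.append((-net.prefixlen, metric, iface))
    if not candidates:
        return None  # no route to destination
    return min(candidates)[2]


def tunnel_mode(routes, vpn_iface, campus_ip, internet_ip):
    """Classify a route table as 'full', 'split' or 'not-connected'."""
    campus_via_vpn = egress_interface(routes, campus_ip) == vpn_iface
    internet_via_vpn = egress_interface(routes, internet_ip) == vpn_iface
    if campus_via_vpn and internet_via_vpn:
        return "full"   # all traffic crosses the VPN gateway (and is logged there)
    if campus_via_vpn:
        return "split"  # only campus-bound traffic crosses the gateway
    return "not-connected"


if __name__ == "__main__":
    for name, table in [("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL),
                        ("none", NOT_CONNECTED)]:
        print(name, "->", tunnel_mode(table, "vpn0", "198.51.100.10", "203.0.113.7"))
```

On a real machine, the route entries would come from the operating system's own routing table output rather than the constructed lists used here.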


Duo Setup

Duo is a Two Factor Authentication Service which we use to provide additional security to some applications (such as the VPN). Additional information about Duo is available at www.ithaca.edu/duo.


Article ID: 52
Tue 7/18/17 10:27 AM
Mon 4/29/19 2:18 PM