Quick Guide: GlobalProtect VPN (remote access) Setup

The GlobalProtect VPN application allows access to protected campus resources (like Mentor) from off campus locations. It may also be required to access other specialized, restricted network services or software. This guide will go through the steps to install, configure, and connect to GlobalProtect VPN (as well as set up Duo Two Factor Authentication if you have not already done that).


This article is intended for: faculty, staff, students, and college affiliates.


Microsoft Windows, Apple MacOS


  1. Install the GlobalProtect VPN
  2. Configure VPN
  3. Full tunnel VPN configuration
  4. Set up Duo Two Factor Authentication

Install GlobalProtect VPN

  1. Connect to https://vpn.ithaca.edu on the computer you would like to install the VPN application.
  2. Log in to the portal with your netpass username and password.
  3. Click the link to download the appropriate GlobalProtect application for the Windows or Mac computer. Most machines are either 64-bit Windows or 32/64-bit Mac computers.
  4. Run the downloaded installer.
    1. Leave the default options selected as you proceed through the installation.
    2. You may delete the install package once complete, if prompted.

Configure GlobalProtect

  1. Open the GlobalProtect client from the notification area. (It is a small white globe when not connected)

Note: if on you are on MacOS High Sierra, you may need to complete a few additional steps, you may also see the following notification after installation: Screenshot of MacOS "System Extension Blocked" notification indicating that an extension by Palo Alto Networks was blocked from running.

  1. Open System Preferences.
  2. Click on Security & Privacy.
  3. Unlock the padlock to make changes if it is locked. at the bottom of the window.
  4. Above the padlock, there will be a message to allow software from Palo Also Networks to run. Click Allow.Screenshot of MacOS notification that software from Palo Alto Networks was blocked, with a button to allow this software to run on the right side of the image.
  1. Fill in the Portal Address: vpn.ithaca.edu
  2. Fill in the following when GlobalProtect connects to the portal:
    1. Username: Netpass Username
    2. Password: Netpass Password
  3. If you already have Duo configured, Click Connect.

  Duo Two Factor Authentication is required for the VPN. If you do not have it configured, follow these directions to enroll: https://ithaca.teamdynamix.com/TDClient/KB/ArticleDet?ID=402

  1. When GlobalProtect VPN begins to connect, the application will request to authenticate with Duo via your primary authentication method.
  2. Once connected, the GlobalProtect VPN icon will change to a globe with a check mark.

Configuring a Full Tunnel VPN

While the regular VPN tunnel should meet most needs, there may be times where you need all of your traffic sent over the IC network.

On VPN versions earlier than 4.1:

1.) Change the portal from vpn.ithaca.edu to vpnf.ithaca.edu and connect.

On VPN client versions 4.1 and later:

1.) Click on the global protect icon in your system tray
2.) Click on the gear in the top right, and select settings
3.) under portals, Click add, and type: vpnf.ithaca.edu
4.) this should now be selectable as a drop down on the main vpn screen


Duo Setup

Duo is a Two Factor Authentication Service which we use to provide additional security to some applications (such as the VPN). Additional information about Duo is available at www.ithaca.edu/duo.


Article ID: 52
Tue 7/18/17 10:27 AM
Fri 8/24/18 12:43 PM