Virtual Private Network (VPN) Guide

SF State provides a secure VPN for faculty and staff to access protected on-campus resources.

Please note, this document pertains to the new GlobalProtect VPN service implemented June 5th, 2020. If you experience issues or discover a previously available service is not accessible via VPN, please report the issue to service@sfsu.edu.


When to use VPN

SF State’s VPN has two purposes: It enables campus users to send and receive data across a public network as if their device is directly connected to the campus network, and adds Two-Factor Authentication (2FA) for high security services. VPN is needed:

  1. When accessing a service restricted to use on campus networks or subnets. Examples: Departmental shares/servers, OnBase, Appworx, Windows/Office authentication, and Active Directory access
  2. When accessing services that store Level 1 data (two-factor authentication required). Example: Departmental secure shares
  3. When administering servers/applications. Examples: SSH, Oracle, and server maintenance
  4. By PeopleSoft developers with privileged access

VPN can be installed on personal computers, but if you are planning on accessing Level 1 data, the following security requirements must be in place:

  1. All devices used (e.g., laptops, desktops, tablets, mobile devices) are at current patching levels and have anti-malware installed/enabled with no active virus infections or malware
  2. Users must connect to Level 1 data using Two-Factor Authentication (2FA) and VPN only
  3. Devices are configured to lock after 15 minutes of inactivity
  4. Level 1 data does not get sent/downloaded to locations outside of existing approved Level 1 data repositories (e.g., PeopleSoft applications such as Common Financial System (CFS), Campus Solutions (CS), and Human Resources (HR); OnBase; Secure File Shares; Student Health Services (SHS) systems)

NOTE: Before VPN access is granted, completion of the Data Security and FERPA annual training is required and will be validated.

VPN Security Groups

Current faculty and staff are automatically included in the FACULTY-STAFF security group. For access to other groups, the SF State Virtual Private Network (VPN) Account Authorization form should be completed. For more information regarding specific VPN groups, refer to the VPN Access Control and Authorization To view PDF files, please download Adobe Reader.

NOTE: A SF State ID is required to use VPN. For vendors who do not have a SF State ID, the sponsoring department should contact Human Resources for Community Member credentials before completing the SF State Virtual Private Network (VPN) Account Authorization form on the vendor's behalf. Community Member credentials must be renewed annually. To view PDF files, please download Adobe Reader.

 

PAN GlobalProtect Agent Installation - Windows/Apple/iOS devices

Users on a Managed Machine

PaloAlto Networks GlobalProtect is a standard software installation. You will see the software in the Application Menu (Windows).

Managed Windows Users

Install Using the Microsoft Software Center:

1.  First connect to Cisco AnyConnect. You will not be able to download software unless you are first connected to VPN using Cisco AnyConnect.

2.  Click the Start Menu 

3.  In the tile menu, select Software Center

4.   In the Application Menu, click the GlobalProtect icon

5.  GlobalProtect will install

6. The application will open when the installation is complete

Software Installation Service Request

If you are prompted for an administrator password, create a Software Installation Service Request for your IT support team.

The URL for “Software Installation Service Request” is:
https://sfsu.service-now.com/sp?id=sc_cat_item&sys_id=f2016d06db862bc009...

Personal Computers / Users with Administrative Rights

First-time Installation

Download and Install the GlobalProtect Client

  1. Navigate your web browser to https://gp.sfsu.edu
  2. Enter your SF State ID
  3. Enter your SF State Password
  4. Click Login
  5. Enter your DUO password if prompted
  6. Once prompted with the Download (manual installation) step, download the GlobalProtect agent installer and run it to install the agent. Splash page with 3 agent options for download 1. windows 32 bit 2. windows 64 bit 3. mac 32/64 bit

How to log into GlobalProtect

  1. Launch the installed GlobalProtect software
  2. Enter gp.sfsu.edu in the Portal Address box and click Connect
    GlobalProtect Agent Login
  3. Enter your SF State ID
  4. Enter your SF State Password
    SSO login page with boxes for username and password
  5. If prompted, enter your DUO password
    Duo login page with options for push or token authentication

GlobalProtect VPN for iPhone/iPad

Install GlobalProtect for iPhone/iPad

  1. Open the App Store app
  2. At the bottom of the App Store screen, click on Search, and type GlobalProtect in the search box. When it appears in the list, tap GlobalProtect
  3. Tap Get, then tap Install to download the GlobalProtect app
  4. When prompted, enter your Apple ID & Password
  5. Once the application is installed, tap Open to open the application
  6. Enter gp.sfsu.edu as the Portal Address
  7. Tap Allow when prompted that GlobalProtect would like to add VPN configurations to your device

Run GlobalProtect for iPhone/iPad

  1. Open the GlobalProtect App
  2. Duo Authentication users: If you use the same iPhone/iPad for Duo, get your Duo credential before entering your ID and Password
  3. Enter your SF State ID
  4. Enter your SF State Password
  5. Complete your Duo Authentication
  6. To disconnect, tap the shield icon

              Sheild Icon tap to disconnect