GlobalProtect VPN for Staff

Please note: If you are a student looking for VPN instructions you can find them at port.ac.uk/it

You are advised that the use of a currently supported operating system with an up to date antivirus/malware product is required for connecting to any University network including the VPN

In order to sign into the VPN you will now need to use multi-factor authentication (MFA) using a Time-based One Time Password (TOTP) each time you log in. This involves being sent a code via a secure method to ensure that only you are able to sign in using your login details. These password are only usable for a limited time and you will probably be familiar with this method when signing into your bank or other websites.

Using the Staff VPN on Windows

If you do not already have the VPN app (GlobalProtect VPN) installed on your device you will need to download and install it, following the instructions for Option 1. If you already have the app you should follow the instructions for Option 2. Staff laptops come with the VPN preinstalled.

Option 1 - Install the VPN

If you already have the GlobalProtect VPN app installed, go to option 2.

  1. Please go to staff.vpn.port.ac.uk.
  2. Sign in with your staff username and password.
  3. You will be asked to enter a One-Time Authentication Code. This will be sent by default to mobile number you provided when you completed the VPN request form.
  4. Type in this code and click Next.
  5. You will be presented with download options, pick the one that matches your operating system, download and install it.
  6. Open the VPN from the icon tray, clicking the up arrow and selecting the globe icon.
  7. When you first open the VPN you will be asked to enter a portal address. Enter staff.vpn.port.ac.uk.
  8. Go to step 3 to connect to the VPN.

Option 2 - Reconfigure a previous installation

If you do not already have GlobalProtect VPN app installed, go to option 1. For those with the VPN installed already you will need to modify the portal address, to do this:

  1. Open the VPN from the up arrow in the Icon Tray.
  2. Click on the three-lines menu button.
  3. Select settings.
  4. Highlight the old portal address and click Delete.
  5. Click Add.
  6. Type in staff.vpn.port.ac.uk and click Save.

You can then close the window and click connect.


Connect to the VPN

After installing for the first time or reconfiguring the VPN, you can connect:

  1. Open the VPN from the up arrow in the Icon Tray and click Connect.
  2. A browser window will open asking you to sign in, use your staff username and password e.g. bloggsj.
  3. You will be asked to enter a One-Time Authentication Code. This will be sent by default to the mobile phone number you provided when you completed the VPN request form.
  4. Type in this code and click Next.
  5. The first time you connect this window will close and you con confirm that you have connected successfully from the globe icon in the icon tray. The next time you connect the authentication screen will open with your default browser. There may be additional checks to allow the browser to work with the VPN. Please accept/allow these browser requests.

Using the Staff VPN on macOS

If you do not already have the VPN app (GlobalProtect VPN) installed on your device you will need to download and install it, following the instructions for Option 1. If you already have the app you should follow the instructions for Option 2 as it will need to be changed to the new Staff VPN portal. The video below will guide you through these steps.

Option 1 - Install the VPN

If you already have the GlobalProtect VPN app installed, go to option 2.

  1. Please go to staff.vpn.port.ac.uk.
  2. Sign in with your staff username and password.
  3. You will be asked to enter a One-Time Authentication Code. This will be sent by default to the mobile phone number you provided when you completed the VPN request form.
  4. Type in this code and click Next.
  5. You will be presented with download options, pick the one that matches your operating system, download and install it.
  6. Open the VPN from the Finder bar, when you first open the VPN you will be asked to enter a portal address. Enter staff.vpn.port.ac.uk.
  7. Go to step 3 to connect to the VPN.
Option 2 - Reconfigure a previous installation

If you do not already have GlobalProtect VPN app installed, go to option 1. For those with the VPN installed already you will need to modify the portal address, to do this:

  1. Open the VPN from the icon in the Finder bar.
  2. Click on the three-lines menu button and choose Settings.
  3. Delete the old portal address of gp.vpn.port.ac.uk by highlighting the entry and clicking the minus button.
  4. Click the plus button to add the new portal address and typing in staff.vpn.port.ac.uk.
  5. Close the window to save the changes.
Connect to the VPN

After installing for the first time or reconfiguring the VPN, you can connect:

  1. Open the VPN from the Finder bar and click Connect.
  2. A browser window will open asking you to sign in, use your staff username and password e.g. bloggsj.
  3. You will be asked to enter a One-Time Authentication Code. This will be sent by default to the email address you provided when you registered with the University.
  4. Type in this code and click Next.
  5. The first time you connect this window will close and you con confirm that you have connected successfully from the globe icon in the Finder bar. The next time you connect the authentication screen will open with your default browser. There may be additional checks to allow the browser to work with the VPN. Please accept/allow these browser requests.

Using the Staff VPN on Linux

It is assumed you'll be familiar with using the command-line in order to set up the VPN. Once connected to the VPN you'll be able to access University resources such as SSH or the intranet in the same way as though you were on campus.

Install the VPN
  1. Please download the archive file: PanGPLinux-5.2.6-c18.tgz
  2. Open a terminal (ensure you are a superuser e.g. root, or use the sudo prefix). Untar the archive file. 
  3. This archive file supports both Redhat/CentOS and Debian/Ubuntu Linux operating systems and other platforms and contains the following files:

    ./GlobalProtect_deb-5.2.6.0-18.deb
    ./GlobalProtect_deb_arm-5.2.6.0-18.deb
    ./GlobalProtect_rpm-5.2.6.0-18.rpm
    ./GlobalProtect_rpm_arm-5.2.6.0-18.rpm
    ./GlobalProtect_tar-5.2.6.0-18.tgz
    ./GlobalProtect_tar_arm-5.2.6.0-18.tgz
    ./GlobalProtect_UI_deb-5.2.6.0-18.deb
    ./GlobalProtect_UI_rpm-5.2.6.0-18.rpm
    ./GlobalProtect_UI_tar-5.2.6.0-18.tgz
    ./manifest
    ./relinfo

    Select the file relevant to your Linux OS. Our recommendations are as below:

    Debian/Ubuntu Linux 
    GlobalProtect_UI_deb-5.2.6.0-18.deb

    Redhat/CentOS Linux
    GlobalProtect_UI_rpm-5.2.6.0-18.rpm

  4. Use the following command to install yum localinstall GlobalProtect_UI_rpm-5.2.6.0-18.rpm
Connect to the VPN
  1. Once installed a small Icon in the top Menu bar will appear and a Welcome to GlobalProtect entry display will pop up instantly asking to enter the Portal address for connection. Enter: staff.vpn.port.ac.uk and click Connect.

  2. A browser window will open asking you to sign in with you student username and password e.g up1234567

  3. You will be asked to enter a One-Time Authentication Code. This will be sent by default to the email address you provided when you registered with the University. Type in this code and click Next.

You will now be connected to the VPN

You can confirm that you have connected successfully from the globe icon in the menu bar. The next time you connect the authentication screen will open with your default browser. There may be additional checks to allow the browser to work with the VPN. Please accept/allow these browser requests. If the connection appears to be slow, click the 'click here' link in the 'Authentication Complete' browser notification.

Using the Staff VPN on ChromeOS

This method requires access to the Android Play Store. Find out if your Chromebook supports Android apps.

If you already have the Chrome OS Web Store version of GlobalProtect, please uninstall it by right-clicking or alt-clicking the application and selecting Uninstall. The logo looks slightly different from the Play Store version, please ensure you delete the app with the old logo as below:

Global protect icon old Global protect icon new
Old New
Install the VPN
    1. Open the Play Store on your ChromeOS Device
    2. Search for Global Protect
    3. Select the Global Protect App and select Install. When installed, open the app. .
    4. For the Portal Address type: staff.vpn.port.ac.uk.
    5. Enter your Staff username and password e.g. BloggsJ
    6. Enter your One-Time Authentication Code sent to your personal email or mobile phone.
    7. Note: when you connect for a second time, you will see a prompt from your browser asking you to allow the GlobalProtect app to interact with it. Allow this as failing to do so will stop the VPN working..
    8. You will now be connected to the VPN and will remain connected until you disconnect or until you turn off your device/put it to sleep.

    You can return to the GlobalProtect App to disconnect and reconnect to the VPN.

Adding other authentication methods

If you would like to have other options to use as for multi-factor authentication, you can add the following additional methods:

  • Using an authenticator app on your mobile device such as Microsoft Authenticator or Google Authenticator.
  • A USB key - this should support FIDO2.
Add an MFA method - Microsoft Authenticator
  1. Visit secure.port.ac.uk.
  2. Sign in with your staff username and password and click Sign in.
  3. Enter your one time code sent to your registered mobile phone number.
  4. Click Add then select Use an authenticator app.
  5. Click the Get QR code button.
  6. If you do not already have the Microsoft Authenticator App you will need to download from your app store.
  7. Open the app and click Scan a QR code to create a new setup. If you have used this app previously, you can add a new entry by choosing the 3 dot menu at the top of the page and tapping Add account then choose Work or school account then Scan a QR code.
  8. Scan the QR code shown on your screen using the Scan a QR code on your device.
  9. An entry called Netiq will be added, you will use this option to get your one time code in furture. If you have biometrics (fingerprint reader) enabled you may be asked if you would like to use this in future.
Add an MFA method - Google Authenticator
  1. Visit secure.port.ac.uk.
  2. Sign in with your staff username and password and click Sign in.
  3. Enter your one time code sent to your registered mobile phone number.
  4. Click Add then select Use an authenticator app.
  5. Click the Get QR code button.
  6. If you do not already have the Google Authenticator app you will need to download from your app store.
  7. Open the app and click + to create a new setup.
  8. Scan the QR code shown on your screen using the Scan a QR code on your device.
  9. An entry called Netiq will be added, you will use this option to get your one time code in furture. If you have biometrics (fingerprint reader) enabled you may be asked if you would like to use this in future.

Troubleshooting

Not a Windows or macOS user

We are working on getting the VPN available for other operating systems and mobile devices but at the moment it is only available for Windows and macOS operating systems.

Email address used for one time code is not correct

If you do not recognise or have access to the email address that is used for your one-time code, you will need to update your email address used in Staff Records.

Scanning in the QR code is not available in Microsoft Authenticator

Ensure you have the Authenticator option selected at the bottom on the screen, not the password option.

The VPN hangs on connection

Disconnect and try again. You can also select the Click here link on the Authentication Complete web page.

The MFA log in screen is not shown

Reboot your computer.

macOS hangs on connection

Setting IPv6 to manual sometimes fixes this issue. If you are not familiar with the network settings on macOS, contact us using the details at the top of this page.

Cannot use both Microsoft Authenticator and Google Authenticator app

Only one Authenticator App can be used for MFA on the VPN at a time. You can add or remove MFA methods (see below).

Add or delete an MFA method

You can add or delete MFA methods at secure.port.ac.uk. To delete a MFA method, click the MFA option you would like to remove and click the trash can to delete.

One time code was not accepted

All one time codes have time limits for which they are valid, obtain another code and ensure it is entered before it becomes invalid:

  • Email - 10 minutes.
  • Authenticator app - 30 seconds.
  • Text message - TBC.
Log in failed after entering your one time code

This sometimes happens when using an authenticator app, we are currently investigating why this happens, let us know you have this error and use another MFA method.

For help regarding this article contact IT Support.

For help regarding this article contact IT Support.