Remote Access to Protected Resources (VPN)

What is it and why do I need it? 

A Virtual Private Network (VPN) service creates a secure connection (“tunnel”) between your device and the campus network and is used when you need to access restricted networked resources from off campus. At Princeton, GlobalProtect is one of two VPN services that you can use to access protected resources remotely and is soon to become the primary VPN service for its reliability and ease of use.  The instructions on this page are specific to the GlobalProtect service. 

Note:  OIT will continue to support the legacy SonicWall Secure Remote Access (SRA) service. However, OIT is not encouraging new installations of SRA.

Accessing protected applications through the web

The easiest way to access protected applications is through the GlobalProtect Portal on the web. For this, all you need is a web browser.  Some Princeton applications available through this portal are: 

  • Prime Portal (PeopleSoft Financials)
  • Information Warehouse (Cognos)
  • OnBase
  • Stripes

To access any of these applications:

  1. Visit the GlobalProtect web portal
  2. Enter your Princeton NetID, your password, and click Log in
  3. The system will send a Duo request to your default device. Approve the Duo request. 
  4. The GlobalProtect portal page displays with 'tiles' for the set of protected applications accessible through the portal. Click the tile for the application you want to access.

GlobalProtect portal

   5. GlobalProtect makes a secure connection to the application and opens the application.

Important! Not all protected services are available through the web portal. If you know the application you are trying to reach remotely is a restricted service, and yet it is not listed in the portal, you will need to install GlobalProtect software on your device to access it remotely (described in the next section).

Accessing protected applications using software installed on your device

You will need to install GlobalProtect software to access a subset of Princeton’s protected resources, including:

  • Central File Server / H: Drive / M: Drive
  • RDP (remote desktop protocol) to desktop workstations
  • SSH (Secure Shell) connections to Linux systems

Instructions for installing and using the software to access protected resources follow.

Installing GlobalProtect software

GlobalProtect software can be installed on Windows computers, Mac computers, mobile devices and tablets. 

Note:  To install GlobalProtect, you will need to use an account with the ability to install software, known as an administrator account. 

On Windows computers

Follow these steps to install the Global Protect app on your Windows laptop or desktop computer. 

  1. Visit the GlobalProtect web portal.
  2. Enter your Princeton NetID, your password, and click Log in
  3. Wait for Duo to send a request to your default device and approve the Duo request.
  4. To download, click on the GlobalProtect Agent (upper-right corner).

  5. Select your operating system (OS):  Download Windows 64 bit GlobalProtect agent
    Note:  32-bit Windows devices are rare these days. To verify whether your system is 32 or 64 bit,  open the Settings app on your computer, then click System, About. You will need system administrative rights to install this software.  
  6. Click Run to download the appropriate agent.
  7. You will see the GlobalProtect Setup Wizard. The installer will guide you through the steps required to install the software. Click Next.
  8. On the Select Installation Folder screen, click Next.
  9. On the Confirm Installation screen, click Next.
  10. On the Account Control pop-up, enter an admin user name and password.  You will be asked, “Do you want to allow this app to make changes to your device?”  Click Yes.
  11. On the Installation Complete screen, click Close to exit.
On Mac computers

Follow these steps to install the Global Protect app on your Mac laptop or desktop computer. 

  1. Visit the GlobalProtect web portal.
  2. Enter your Princeton NetID, your password, and click Log in
  3. Wait for Duo to send a request to your default device and approve the Duo request.
  4. To download, click on the GlobalProtect Agent (upper right corner).vpn install agent
  5. Select “Download Mac 32/64 bit GlobalProtect agent” to download the installer to your computer.
  6. Click Allow if prompted.
  7. Open the GlobalProtect file.
  8. You will see the “Welcome to the GlobalProtect Installer” screen. Click Continue.
  9. On the Custom Install screen, click Continue and click Continue again.
  10. On the Standard Install screen, click Install.
  11. Enter the admin user name and password for your system and click Install.
    Note: For macOS 10.13 and later releases you must allow Palo Alto Networks in Mac Security & Privacy as part of your initial setup. If you are prompted with a system extension block, follow the on-screen instructions to allow GlobalProtect to install the extensions. Go to System Preferences > Security & Privacy > General and select Allow.  Close the Security & Privacy window.
  12.  Click Close to finish the installation.
  13.  If you see a “Do you want to move the “GlobalProtect” installer to the trash?” pop-up, click on Keep.
On mobile phone and tablet devices

Follow these steps to install the Global Protect app on your mobile phone and tablet devices. 

Install on Android devices:

  1. Download and install the GlobalProtect app from the Google Play Store. Open the app.
  2. Enter the portal address vpn.princeton.edu and tap Connect.
  3. Enter your NetID and password.  Tap Login.
  4. Wait for Duo to send a request to your default device and approve the Duo request.
  5. Tap OK on the Connection request pop-up. 

Install on iOS devices:

  1. Search for the GlobalProtect app on the App Store. Tap Get and agree the permissions to install the application.  Open the app.
  2. Enter the portal address vpn.princeton.edu and tap Connect.
  3. Tap Allow on the dialog asking to give GlobalProtect permission to add VPN configurations. You will be prompted for your iOS device's PIN (or other authentication method).
  4. Enter your NetID and password. Tap Login.
  5. Wait for Duo to send a request to your default device and approve the Duo request.


Using GlobalProtect software to access protected services

Important! When using GlobalProtect VPN, the service is set to time out after 3 hours of inactivity from you in the VPN tunnel. The service is also set to timeout after 12 hours of connection, after which you will be required to re-login to reconnect. These scheduled timeouts help ensure the reliability of the service for all active users by reducing unnecessary load on the service, while also reinforcing important security measures.

Starting and disconnecting from GlobalProtect on your computer

To start GlobalProtect on your Windows or Mac computer: 

  1. Click the GlobalProtect application icon (grey globe) in your system tray (Windows) or top menu bar (Mac). 
  2. On the Welcome to GlobalProtect pop-up window, enter the portal address vpn.princeton.edu and click Connect.
    • Note:  On future logins you will not be asked to enter the portal address.
  3. When prompted, enter your Princeton netID and password, and click Login.
    • Note:  If you encounter a script error, click Yes to continue.  This is a known error and is being investigated.
  4. The system will send a Duo request to your default device. Approve the Duo request.
  5. A brief pop-up will display after successful connection.

    Tip!  Click the GlobalProtect icon to verify ‘Connected’ status. 

To disconnect from the GlobalProtect VPN service: 

  1. From the system tray or menu bar, click the GlobalProtect application icon.
  2. Click Disconnect.
Starting and disconnecting from GlobalProtect on your device

To start GlobalProtect on your mobile phone or tablet: 

  1. Open the GlobalProtect app.
  2. Enter the portal address vpn.princeton.edu, and tap Connect.
    Note: For iOS devices, tap Allow to give GlobalProtect permission to add VPN configurations, and enter your iOS device PIN (or other authentication method).
  3. When prompted, enter your Princeton NetID and password, and tap Login.
  4. The system will send a Duo request to your default device. Approve the Duo request.
    Note: For Android devices, tap OK on the Connection request pop-up window.
  5. Global Protect will send a notification (Android) or display the VPN icon in the status bar (iOS) when you are connected to the service.
  6. With VPN service established, open the application you want to access. 

To disconnect from the GlobalProtect VPN service: 

  1. Select the GlobalProtect application icon from your home screen. 
  2. Tap the Disconnect button.


FAQS

Can I keep the SonicWall SRA Connect Tunnel software installed on my device? 

Yes, you can keep both the SonicWall SRA Connect Tunnel and the GlobalProtect software installed on your devices. You cannot use them at the same time.

Can I access the same applications from GlobalProtect that I use from the SonicWall SRA Connect Tunnel?

Yes, we have updated firewall rules to provide the same access for SonicWall SRA Connect Tunnel and Global Protect, with the exclusion of Library digital resources.

Can I access Library digital services using GlobalProtect?  

Library digital resources hosted by external vendors cannot be accessed using the Global Protect VPN. At this time, continue to use SonicWall VPN to access these resources.

Can I use the GlobalProtect client from the Windows Store?  

Please DO NOT use the Global Protect client from the Windows store. 

Can I use Princeton's VPN on my personal devices?

Yes, please see the Information Security Office's amended position paper for important information.

Do I need to map my drives to access the Central File Server when connecting through VPN? 

It depends.  On your University-owned device the drives you have already mapped should display when you connect to VPN.  However, if the drives are not there or you are connecting with a personal device for the first time, you will need to map a drive. Please see the "How can I access the Central File Server remotely?" section above.

Is there a GlobalProtect client for the Linux operating system?

Yes, please see the KB article referenced below.

 

RELATED KNOWLEDGE BASE ARTICLES:

GlobalProtect VPN: Installation Instructions (for Linux instructions)

SonicWall VPN: Remote Access to Protected Resources - Get Started


How can I access the Central File Server remotely?

On Windows computers - connecting to your H: and M: drives

Please note: If you are off campus, you will need to make a VPN connection to the University before accessing the Central File Server. Once a VPN connection is established, follow the instructions below to access drives.

WINDOWS - Connecting to your Home (H:) Drive
  1. In the search box on the taskbar, enter My PC
  2. Click on This PC to open the app.
  3. In the top pane of the This PC window, click the Computer tab.
  4. Click Map Network Drive and from the drop-down list select Map Network Drive.
  5. The Map Network Drive dialog box will open. 
    • In the Drive field: Select H: from the dropdown.
    • In the Folder field type: \\files.princeton.edu\YourNetID
    • If you want to remap to this drive the next time you log in, click the Reconnect at sign-in checkbox.
  6. Click Finish.
  7. If you are prompted for authentication, login with your PRINCETON\YourNetID and password.
  8. The drive is now mapped.
WINDOWS - Connecting to your (M:) Departmental Drive
  1. In the search box on the taskbar, enter \\files.princeton.edu\dept and press Enter
  2. Expand the window by clicking on the maximize icon.

maximize button on windows

  1. You may be prompted to enter in your credentials. Enter your user name as “PRINCETON\yourNetID” and your password. Click OK.
  2. Click on your departmental folder in the list (a checkmark will display to the left of the name).
  3. Click on Home at the top of the window to display the header menu. 
  4. On the header menu, click on Easy Access, and choose Map a Drive.
  5. On the Map Network Drive screen, you can change the drive letter (optional).  Click the checkbox to the left of Reconnect at sign-in. Click Finish.
  6. The drive is now mapped.
On Mac computers - connecting to your H: and M: drives

Please note: If you are off campus, you will need to make a VPN connection to the University before accessing the Central File Server. Once a VPN connection is established, follow the instructions below to access drives.

MAC - save a link to your home drive (H:) on the desktop
  1. Click the Finder icon in the dock.
  2. Click Go on the menu bar.
  3. Click Connect to Server.
  4. In the Server address input box, enter smb://files.princeton.edu/YourNetID and click Connect.
  5. If you are prompted for authentication, login with your Princeton NetID and password.
  6. Right-click on the disk icon on the desktop labeled with YourNetID.
  7. Click on Make Alias.
  8. You will see a new disk icon on the desktop labeled: YourNetID alias.
MAC - save a link to your departmental drive (M:) in the Finder Sidebar
  1. Click on the Finder icon in the dock.
  2. Click on Finder on the menu bar.
  3. Click on Preferences.
  4. On the Sidebar tab, make sure “Connected servers” is checked under Locations.
  5. Close the Preferences window.
  6. On the menu bar, click Go.
  7. Click Connect to Server.
  8. In the Server address box, enter:  smb://files.princeton.edu/dept and click Connect.
  9. Login with your Princeton NetID and password.
  10. Select your departmental folder among the list by clicking on it.
  11. Click on File in the menu bar.
  12. Click on Add to Sidebar.
  13. You will see a link to your folder appear under Favorites in the Sidebar on the left.

Sign up for a consultation on VPN

Work Continuity Calendar

Important facts about VPN

Learn it