Primary Services
Other Services
Miscellaneous
Home Palo Alto VPN Setup

Palo Alto VPN Setup

This page covers the installation and use of the client software required to use the University of Utah School of Computing Virtual Private Network (VPN) service, found at: https://vpn.cs.utah.edu .

Accessing the School of Computing’s VPN

Currently the School’s VPN is provided by the Global Protect Client of our Palo Alto Firewall.  There are clients for Windows and Mac OS X.  To download a client go to our VPN system and login with your SoC Active Directory username and password.  After installing the client you have three portals to choose from depending on how you’d like to tunnel your traffic:

  1. vpn-world.cs.utah.edu – Tunnel all traffic through the VPN
  2. vpn-uofu.cs.utah.edu – Tunnel only University of Utah traffic through the VPN
  3. vpn-soc.cs.utah.edu – Tunnel only School of Computing traffic through the VPN

vpn.cs.utah.edu is an alias for vpn-uofu.cs.utah.edu

Note that UIT also now uses the Global Protect client.   Theirs is based on your uNID while ours uses your SoC username and Active Directory password.   If you are switching between them you’ll have to sign out via the Settings -> General tab and log in using the appropriate account for the VPN you’re connecting to.

Using native IPsec clients with PSK (Pre-Shared Key)

While not officially supported, you may use your native IPsec client to access the VPN (Mac OS X, Apple iOS, Android etc.)  Windows’ client is not a pure IPsec client and is not supported at all.  The PSK information is available after you authenticate with the VPN.  Android must be at least version 4.0.3, and some kernels with 4.0.3 have a bug that cause it to not work with IPsec.

Issues with High Sierra (MacOS) and Later Releases

In the High Sierra and later versions of Mac OS X, Apple Computer has changed how kernel modules are loaded.  In short, Apple has an approved list of drivers and the Palo Alto Global Protect driver is not on that list.  Fortunately, adding your own driver to the approved lists is a simple task:

  1. Boot into Recovery Mode.  (Usually this is performed by holding down ⌘-R as the machine boots.)
  2. Open a terminal in Recovery mode.
  3. Enable Palo Alto’s key by entering: “spctl kext-consent add PXPZ95SK77” in the terminal.
  4. Reboot.

 You will only have to perform this task one time.  The Palo Alto driver will be recognized from that point on.