Setting up and using GlobalProtect VPN for Linux

VPN provides you with secure access to University services and the Internet when you are off campus. Northwestern is transitioning to a new VPN platform called GlobalProtect. GlobalProtect replaces three existing VPN clients: built-in native VPN clients, Cisco AnyConnect, and Pulse Secure SSL VPN. For details on the transition, see https://www.it.northwestern.edu/about/it-projects/vpn-migration-2019/overview.html.

Note that GlobalProtect requires you to authenticate with your NetID and NetID password and Duo multi-factor authentication. If you need to register a phone for multi-factor authentication, see https://kb.northwestern.edu/mfa.

Northwestern IT is aware of VPN access issues from China. We tried implementing workarounds by changing our VPN public IP. However, within a few days of these workarounds Northwestern VPN was blocked again by the Chinese telecommunications agency. At the present time, we cannot provide a solution to using Northwestern VPN in China because the Chinese telecommunications agency continually searches for and blocks Northwestern VPN servers. We have heard anecdotally from some people that using a third party VPN service has worked for them, but we cannot confirm which, if any services, will work.

Supported Linux versions

Because Northwestern's GlobalProtect requires Duo Mobile multi-factor authentication (MFA), only GUI versions of the GlobalProtect can be used on Linux systems. You cannot use the command line (CLI) interface. Given that requirement, these Linux versions are the only supported operating systems:
  • Ubuntu 18.04.3 LTS
  • Ubuntu 18.04.2 LTS
  • Ubuntu 19.04
  • Red Hat Enterprise Linux 7.0 - 7.7
  • CentOS 7.0 - 7.7

Set up GlobalProtect

  1. Download the GlobalProtect installation package for your Linux system. The current version offered below is 5.3.1.
  2. Open the terminal on your device and install GlobalProtect. Note that the commands may vary depending on your version of Linux.
    • RHEL 7/centOS CLI commands:
      yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
      yum localinstall --nogpgcheck GlobalProtect_UI_rpm.rpm
    • Ubuntu/Debian CLI commands:
      sudo apt-get install libqt5webkit5
      sudo dpkg -i GlobalProtect_UI_deb.deb
  3. When prompted for a portal address, enter vpn-connect.northwestern.edu.
  4. Once installation is complete, GlobalProtect will appear in your menu bar at the top of your Linux system.

Connect to GlobalProtect

  1. Click the GlobalProtect icon in the menu bar, enter the portal address (vpn-connect.northwestern.edu), then click Connect.
  2. When prompted, enter your NetID and NetID password, then confirm your identity with Duo multi-factor authentication. You will then be connected to GlobalProtect.
    global protect linux connect
  3. To disconnect, click the GlobalProtect icon again, then click Disconnect.
    global protect linux disconnect
  4. If you are not seeing the Global Protect icon in your menu bar, there is a CLI command to bring it up:
    1. On the terminal prompt, enter "globalprotect launch-ui"  (NOTE: It may take longer than expected to see the Online Passport page to appear in the next step)
    2. This will bring up the windows above
    3. You can use this if you need to connect and don't see the icon, or to bring up the icon when you need to disconnect.

See Also:

For additional assistance please contact the IT Support Center at 847-491-4357 (1-HELP) or via email at consultant@northwestern.edu.



Keywords:virtual private network global protect GP   Doc ID:88087
Owner:TNS Data Network .Group:Northwestern
Created:2018-11-29 16:46 CSTUpdated:2021-11-11 15:50 CST
Sites:Northwestern
Feedback:  0   3