Instructions for LLNL-Managed Computers

Follow the instructions below to install the GlobalProtect or Cisco AnyConnect software on your LLNL-managed computer using LANDESK or MacPatch. You can have both Cisco AnyConnect and GlobalProtect installed on the same computer, but please do NOT connect with them at the same time.



GlobalProtect

GlobalProtect Instructions for Windows-Installation
  1. Click the Windows icon. (If offsite, a VPN connection is NOT required.)
    1. Search for and select Portal Manager. (A software portal window appears.)
  2. Select GlobalProtect VPN.
  3. Press the Launch button. (It may take 30 seconds before the software begins to download and install.)
  4. Reboot when prompted. Do NOT reconnect to Cisco AnyConnect.
  5. Open GlobalProtect.
  6. To log in, enter your OUN in the Username field and your OTP (PIN + token code) in the Password field.

  7. If your computer connects successfully and you pass the antivirus software enforcement check, you should get a notification letting you know that you connected successfully. The following notification will appear:



  8. To disconnect the GlobalProtect VPN software, click the "Globe" icon in the system tray, then click the "Disconnect" button.
GlobalProtect Instructions for Mac
  1. Select Open MacPatch from the MacPatch menu bar item. (If offsite, a VPN connection is NOT required.)
  2. Press the Install button next to GlobalProtect VPN Agent. (A progress bar will appear at the bottom of the window.)
  3. Click the Open Security Preferences button when it appears.
  4. Click the Allow button.
  5. Make sure the Palo Alto Networks box is checked and press the OK button.
    1. Depending upon your configuration you may get a window that indicates that you need to restart your computer. Click OK and continue with the installation.
  6. For macOS 10.15 only - Click the Privacy tab.
    1. Select Full Disk Access from the list on the left.
      1. If needed, click the padlock icon to unlock the pane.
    2. Click the plus sign (+) button.
    3. Browse to and select /Applications/GlobalProtect.app.
    4. If prompted to quit GlobalProtect, choose Later.
  7. Reboot the computer.
  8. To use the software, click the "Globe icon" in the menu bar.




  9. To log in, enter your OUN in the "Username" field and your OTP (PIN + token code) in the "Password" field.

  10. If your computer connects successfully and you pass the antivirus software enforcement check, you should get a notification letting you know that you connected successfully. The following notification will appear:



  11. To disconnect the GlobalProtect VPN software, click the "Globe icon" in the Finder menu bar and click the "Disconnect" button.

GlobalProtect

GlobalProtect Instructions for Windows-Installation
  1. Click the Windows icon. (If offsite, a VPN connection is NOT required.)
    1. Search for and select Portal Manager. (A software portal window appears.)
  2. Select GlobalProtect VPN.
  3. Press the Launch button. (It may take 30 seconds before the software begins to download and install.)
  4. Reboot when prompted. Do NOT reconnect to Cisco AnyConnect.
  5. Open GlobalProtect.
  6. In the GlobalProtect window, enter the LLNL VPN portal address: gpvpn.llnl.gov
    1. Click "Connect".



  7. A login window will now appear in your default web browser. Select whichever option is most convenient for you, and one that corresponds to a device you already have (e.g., don’t choose ‘DOE PIV Card’ if you don’t have one).
    • MyPass
    • DOE PIV Card (badge with embedded chip)
    • RSA (SecurID, also known at LLNL as the One-Time Password, or OTP)




  8. If you choose RSA, enter your OUN in the Username field and your OTP (PIN + token code) in the Password field that appears on the next screen. Proceed to step 7.
    If you choose MyPass or PIV, you will be prompted to select the proper certificate:
    • For MyPass, choose the certificate with your official username somewhere in the subject.
    • For PIV, choose the certificate with your name in uppercase letters. It might also say ‘Affiliate.’


    A window showing a dialog box to select a certificate.

    1. Enter your PIN and press OK/Continue:

      A Windows Security prompt showing a dialog to enter in the user's PIN.

      NOTE: If you are using Firefox and not getting a prompt for a valid certificate, you may be able to resolve the issue: go to “Settings > Privacy & Security > Security > View Certificates… > Authentication Decisions”, select any value where the host contains the term “eidp” and Delete it, then reload your browser/reboot and try again:
      A dialog box showing a list of certificates for a user to delete

  9. Once you authenticate successfully, your browser will display the following window:

    An alert from Palo Alto Networks that confirms authentication was successful

    Follow the instructions given and select “Open GlobalProtect” if you see a system dialog prompt (at which point you can choose to “Always Remember”) or click the “click here” link to launch the GlobalProtect client and complete the connection.

  10. If you do not pass the antivirus software enforcement check, you will not be able to reach any LLNL resources and will receive a pop-up window instructing you to remediate your computer and reconnect:



  11. To disconnect the GlobalProtect VPN software, click the "Globe" icon in the system tray, then click the "Disconnect" button.
GlobalProtect Instructions for Mac
  1. Select Open MacPatch from the MacPatch menu bar item. (If offsite, a VPN connection is NOT required.)
  2. Press the Install button next to GlobalProtect VPN Agent. (A progress bar will appear at the bottom of the window.)
  3. Click the Open Security Preferences button when it appears.
  4. Click the Allow button.
  5. Make sure the Palo Alto Networks box is checked and press the OK button.
    1. Depending upon your configuration you may get a window that indicates that you need to restart your computer. Click OK and continue with the installation.
  6. For macOS 10.15 only - Click the Privacy tab.
    1. Select Full Disk Access from the list on the left.
      1. If needed, click the padlock icon to unlock the pane.
    2. Click the plus sign (+) button.
    3. Browse to and select /Applications/GlobalProtect.app.
    4. If prompted to quit GlobalProtect, choose Later.
  7. Reboot the computer.
  8. To use the software, click the "Globe icon" in the menu bar.




  9. In the GlobalProtect window, enter the LLNL VPN portal address: gpvpn.llnl.gov
    1. Click "Connect".
  10. A login window will now appear in your default web browser. Select whichever option is most convenient for you, and one that corresponds to a device you already have (e.g., don’t choose ‘DOE PIV Card’ if you don’t have one).
    • MyPass
    • DOE PIV Card (badge with embedded chip)
    • RSA (SecurID, also known at LLNL as the One-Time Password, or OTP)
  11. If you choose RSA, enter your OUN in the Username field and your OTP (PIN + token code) in the Password field that appears on the next screen. Proceed to step 17.

    If you choose MyPass or PIV, you will be prompted to select the proper certificate:
    • For MyPass, choose the certificate with your official username somewhere in the subject.
    • For PIV, choose the certificate with your name in uppercase letters. It might also say ‘Affiliate.’
    NOTE: If you are using Firefox and not getting a prompt for a valid certificate, you may be able to resolve the issue: go to “Settings > Privacy & Security > Security > View Certificates… > Authentication Decisions”, select any value where the host contains the term “eidp” and Delete it, then reload your browser/reboot and try again:
    A dialog box showing a list of certificates for a user to delete


  12. Once you authenticate successfully, your browser will display the following window:
    Follow the instructions given and select “Open GlobalProtect” if you see a system dialog prompt (at which point you can choose to “Always Remember”) or click the “click here” link to launch the GlobalProtect client and complete the connection.

  13. If you do not pass the antivirus software enforcement check, you will not be able to reach any LLNL resources and will receive a pop-up window instructing you to remediate your computer and reconnect:


  14. To disconnect the GlobalProtect VPN software, click the "Globe icon" in the Finder menu bar and click the "Disconnect" button.