Topics Map > IT Operations > Customer Support and Policies > VPN

Pulse Secure Departmental VPN

Pulse Secure is the departmental VPN client that is used by Engineering, Physics, and Mathematics departments to access resources, like shared drives, on additionally firewalled networks.

Windows

Edge

  1. Open Edge.
  2. Type the URL that corresponds to your department.
  3. Once you're on this page, you will see an indication that the Host Checker is attempting to run.
  4. The Host Checker will attempt to run once the page loads.
    image3.png
  5. If this is the first time the Host Checker has run, you will see the plug-in attempt to install. This will be followed by a request to install the Pulse Application Launcher (PAL). The PAL will install/run any Pulse Secure web plug-in that you need once it's on the computer. It may take a moment for this prompt to appear.
    image1.png
  6. If you see this window, you can ignore it by hitting the "Esc" button on your keyboard:
    image7.png
  7. The plug-in will download and then try to run. You will see an indicator at the bottom of the Edge window.
    image5.png
  8. Run the installer and follow any prompts that you see. 
  9. As plug-ins are installed, you may notice prompts to allow access for the plug-in. It is ideal to "Always" allow or "Save" the options that you're selecting. Please read all prompts carefully to determine what is best for your configuration. Here is an example:
    image10.png
  10. After the Launcher package installs, you should get another pop-up letting you know that the installation has been completed.The current page on the browser has some information that will guide you to launch Pulse Secure. Select the "HERE" option that is highlighted in blue.
    image2.png
  11. Again, allow any prompt with "Always" that shows up related to the Pulse Secure installation.
    image8.png
  12. You will be asked if you meant to switch apps. Yes, you did mean to do that. The PAL needs to run to handle the plug-ins.
    image6.png
  13. After allowing the PAL to run you should find that the Host Checker runs successfully and takes you to the logon page.
    image11.png
  14. You may be prompted for a second form of authentication when you log in. This prompt will look similar to other campus systems and show you Duo authentication options. Please use your preferred Duo authentication method.

When you load the VPN page in the future, any component updates should happen automatically. If you have permanently accepted all of the security prompts, the logon page will load and you can easily continue by entering your username and password when prompted.

If your office desktop has been configured by the Service Desk for Remote desktop, you should be able to click on the link titled "Connect To My Office Desktop." If this does not work, please contact the service desk at eit-help@umd.edu or 301-405-1634. 

Firefox

  1. Open Firefox.
  2. Type the URL that corresponds to your department.
  3. Once you're on this page, you will see an indication that the Host Checker is attempting to run.
    loadhostchecker.PNG
  4. If this is the first time the Host Checker has run, you will see the plug-in attempt to install. This will be followed by a request to install the Pulse Application Launcher (PAL). The PAL will install/run any Pulse Secure web plug-in that you need once it's on the computer. It may take a moment for this prompt to appear.
    installpal.PNG
  5. The plug-in will download through Mozilla Firefox and be available in the downloads area in the top right corner.
    runinstaller.PNG
  6. As plug-ins are installed, you may notice prompts to allow access for the plug-in. It is ideal to "Always" allow or "Save" the options that you're selecting. Please read all prompts carefully to determine what is best for your configuration.
    image6.png
  7. Choose the "here" button to return to the logon page.
    clickhere.PNG
  8. After this, you will need to go back to the logon page. This will run Host Checker and then you will see a logon prompt.
    logon.PNG
  9. You may be prompted for a second form of authentication when you log in. This prompt will look similar to other campus systems and show you Duo authentication options. Please use your preferred Duo authentication method.
  10. The logon prompt may be interrupted with security or compliance warnings. Please read the displayed messages carefully and fully to decide how to proceed to correct the compliance issues on your computer.
  11. When you load the VPN page in the future, any component updates should happen automatically.

If your office desktop has been configured by the Service Desk for Remote desktop, you should be able to click on the link titled "Connect To My Office Desktop." If this does not work, please contact the service desk at eit-help@umd.edu or 301-405-1634.

Mac

Safari

1. Enable your Firewall

2. Open Safari.

3. Type the URL that corresponds to your department.

4. Once you're on this page, you will see an indication that the Host Checker is attempting to run.

5. The Host Checker will attempt to run once the page loads.

image3.png


6. If this is the first time the Host Checker has run, you will see the plug-in attempt to install. This will be followed by a request to install the Pulse Application Launcher (PAL). The PAL will install/run any Pulse Secure web plug-in that you need once it's on the computer. It may take a moment for this prompt to appear.

7. Click Download. You may be prompted to allow downloads on "newvpn.ece.umd.edu." If so, click "Allow."

image1.png

8. Double-click on the PulseSecureAppLauncher.dmg installer from your Downloads folder, then Double-click on PulseSecureAppLauncher.mpkg and follow any prompts that you see.

PulseSecureAppLauncher_dmg.png


PulseSecureAppLauncher_mpkg.png


9. Once the Launcher has been installed, the current page on the browser has some information that will guide you to launch Pulse Secure. Select the "HERE" option that is highlighted in blue.

ClickHere.png


10. Again, allow any prompt with "Always" that shows up related to the Pulse Secure installation.

AllowPulseLauncher.png

HostCheckerAlways.png


11. After allowing the PAL to run you should find that the Host Checker runs successfully and takes you to the logon page. If you are not redirected to the logon page, Quit Safari and repeat Steps 2-10.

Logon.png


12. You may be prompted for a second form of authentication when you log in. This prompt will look similar to other campus systems and show you Duo authentication options. Please use your preferred Duo authentication method.


When you load the VPN page in the future, any component updates should happen automatically. If you have permanently accepted all of the security prompts, the logon page will load and you can easily continue by entering your username and password when prompted.

If your office desktop has been configured by the Service Desk for Remote desktop, you should be able to click on the link titled "Connect To My Office Desktop." If this does not work, please contact the service desk at eit-help@umd.edu or 301-405-1634.

Android

  1. Open the "Google Play Store" on your device.
  2. Search for "Pulse Secure" using the store's search feature.
    image10.png
  3. Click "Install" and then "Accept" to download and install the new app.
    image9.pngimage6.png
  4. Once it is installed, open it.
    image11.png
  5. You should see the following screen.
    image5.png
  6. Enter the url "newvpn.ece.umd.edu" regardless of which department you are with.
    image1.png
  7. Click "Submit" and you will see the following screen appear.
    image8.png
    • Name: The designation that you are giving to this configuration. It can be anything that will help you remember that this is your department VPN.
    • URL: https://newvpn.ece.umd.edu (What you entered in the previous screen.)
    • Authentication: Password (This is the default selection. You will be prompted for your password at a later time.)
    • Realm: The abbreviation you use for your department. Choose from the following: Math, Physics, ENG. (Any engineering unit should use "ENG" here.)
    • Role: Leave this blank. 
  8. When you're done entering all of this, click "Add" to be taken to the connection screen.
    image12.png
  9. Now click the "Connect" button.
  10. You will be prompted for your password. The password will be your directory password. 
  11. You may also be prompted for "secondary authentication" in a new window. This uses the Duo app or key fob that you typically use to access campus systems.
  12. You will see the following screen once you're connected.
    image13.png
  13. Use the "Intranet" button to navigate to web links and features that have been made available to you. You can also choose to use your regular browser, as your connection has been encrypted. It may look similar to this:
    image3.png
  14. To sign out, choose the "Disconnect" button on the main screen.
  15. The icon at the top of the screen that is shaped like a key will alert you to the fact that you are connected to the VPN.
    image4.png


Pulse Secure setup is now complete.

Ubuntu Linux

These directions will walk through how to download and configure the Pulse Secure

  1. Update your Ubuntu OS and applications.
  2. Make sure that you have a firewall configured. 
  3. Terminal command: sudo apt-get install libwebkitgtk-1.0
  4. Terminal command: sudo apt-get install libgnome-keyring0
  5. Terminal command: sudo apt-get install libproxy1-plugin-webkit
  6. Download the Pulse Secure client file.
  7. Use the option for "Software Install (default)" on the download prompt.
  8. Select the "Install" option presented.
    1.png
  9. Authenticate, if prompted.
  10. Run the Pulse Secure client from the applications list.
    2.png
  11. This is what the application will look like when it opens the first time.
    3.png
  12. Add the information for the connection by selecting the "+" sign and inputting your unit's information in spaces where the department is indicated, as shown here. Your department will be one of the following: Math, Physics, ENG (The ENG realm now covers all engineering units.)
    4.png
  13. Once you're done you will "save" the options and then return to the main client screen. You should see your VPN connection listed there and it will be available for you to use in the future. 
  14. You can connect to the VPN by hitting "connect" at any time. You should see an indicator available in your status bar at the top of the screen when it's connected.
    5.png
  15. You will be prompted to authenticate using your directory username and password.
  16. You may also be prompted for "secondary authentication" in a new window. This uses the Duo app or key fob that you typically use to access campus systems.
  17. If you receive an error message after authenticating, please read it carefully and completely as it will explain what the issue is and may give you a suggested resolution. 
  18. Once you're connected you will see the status on the client change. To disconnect, simple hit the "disconnect" button once it's available.
    6.png

Chromebooks

Security Considerations

Chromebooks are encrypted and require password for logon, but here are a few items to consider:

  • The lock screen should always be enabled to prompt when waking from sleep. By default, a Chromebook will not prompt when the screen is opened or after it goes into standby. The Instructions here will help you complete this important security step.
  • Before passing a Chromebook on to someone else, it's nice to "powerwash" it. This is simply another word for resetting it to a fresh state. The Service Desk can assist if you need to pass a Chromebook along to another user. Instructions are also available on the web (e.g. here).
  • Updates happen automatically on Chromebooks. As always, it's important to restart for updates when prompted.


Remote Desktop on Chromebooks

The Pulse Secure VPN address to remote desktop into an office computer using a Chromebook is chromebook.<dept>.umd.edu. This specific address is configured to work on Chromebooks and other devices that cannot run the Host Checker. The interface is limited to being able to connect to an office workstation.

  1. Check in with your departmental IT support team to make sure your computer and account have been configured for remote desktop to your primary workstation. 
  2. Use one of the following links to connect via your Chromebook to the VPN:
  3. Log in with your directory ID and password.
  4. You may also be prompted for "secondary authentication" in a new window. This uses the Duo app or key fob that you typically use to access campus systems.
  5. Choose from one of the following HTML5 RDP links on the page. Note that both will do the exact same task, there are simply minor differences in the passthrough options for each. Prior to connecting, it is recommended that you make the browser window full screen. (See the upper row of keys on the Chromebook keyboard and find the full screen button.)

html5_options.png


 

Pulse Desktop Client

Pulse Desktop Client

Purpose of the Pulse Secure Client

To securely tunnel most internet traffic from your computer through our connection here at the university. This is important not only for security, but generally for the successful connection of network drives and other similar resources that are only available through our secured networks. The VPN connects you to our secured network. 

The Pulse Secure Client does run security checks on your computer, just like the web interface. Failure to adhere to these policies will result in the connection being denied.

Important Notes Before Installation

  • Please read our considerations page before continuing. 
  • This is written with the assumption that the customer has been able to log in through the VPN web site (vpn.<department>.umd.edu). Your department will be one of the following: Eng, Math, or Physics. If you haven't looked at our documentation regarding logging in to the departmental VPN web site, please see this article
  • This also assumes the customer has administrative access to the system that they're installing the client on. 
  • This assumes that you are required to have the Pulse Secure client for the work that needs to be accomplished. The Pulse Secure client isn't needed for everything in our environment. (An example of an unnecessary installation would be a Tier 3 department staff computer. This type of system is already connected to our secured network.)

Installing the Pulse Secure Client

  1. Open the VPN web interface (vpn.<department>.umd.edu), scroll down, and look for the following line:
    image2.png
  2. Click the “Start” button on that line. This will initiate the client installer.
  3. Accept any installation prompts to allow the program to install. This will differ between operating systems slightly.

  4. When the program gets installed you will see its icon either in your taskbar (Windows) or at the top of your screen near the network icon (Mac OS):image4.png

  5. When the connection is complete you will notice that there is a little green arrow on the above S icon indicating that Pulse Secure is online/connected. 


Using the Pulse Secure Client

If you are using the Pulse Secure client regularly to connect to a network drive or other resource, you will not have to use the web interface each time to get to it. Simply open the client from your start menu or by searching for it on your computer. You can use the Start menu in Windows 10 or the Finder in Mac OS to locate the client.

  1. Open the client.
    image1.png

  2. When running the client you will find a pre-existing connection that was populated during the installation process. Click the “Connect” button that is next to it.
    image3.png

  3. Your client will run through the usual host checker policies and prompt you for authentication. Use your standard directory ID and password, just like you would on the web interface.
    first.PNG

  4. If you are required to use a second form of authentication, you will see the "Secondary Password" field displayed. This uses the Duo application or key generator that you use for many campus systems. You can type the word "push" here to have the app on your phone display a prompt for the Duo authentication.
    second.PNG
  5. The client will then connect. 

  6. If you receive an error message when trying to connect, please read it carefully and fully. Many of the messages that you receive will be regarding failed policies or settings. Several of them are easy to resolve if you follow the directions or suggestions indicated by the Pulse Secure client. If you cannot solve the error message, please contact the Service Desk.

In-Depth Considerations on Pulse

There are two main VPNs that the Engineering IT Service Desk supports: Cisco AnyConnect for UMD and Pulse Secure for Engineering, Math, and Physics secured services and networks. 

Both VPNs have their respective uses, and this document will explain the primary differences between the two and provide a couple of examples to help clarify which VPN is best to use in a particular situation.

The primary reason that we use both VPNs is to get inside of our campus/departmental firewalls. If we were to think about the firewalls as physical walls, the campus firewall is the main outer firewall (blue rectangle), and then within the campus firewall are smaller, more secure areas with more specific firewalls. In the diagram below, within the campus border you will see three distinct sections. This is just a sampling to show you some of the items that have been secured with more specific firewalls on campus. Those of you familiar with KFS and SIS, for example, will realize that to access those you need to use a specific Cisco VPN group.


vpn_firewall.png


If you want to access anything that is behind the blue wall, i.e anything else that needs to go through UMD’s Central Authentication System (CAS), you need to use Cisco AnyConnect to access it while not on campus networks. Apps like Hummingbird/Optix also require connection through the Cisco VPN, even when on campus.

If you are trying to access information stored in a departmental shared folder, or access your remote desktop for a computer on a departmental VLAN, you need to use Pulse Secure or the Cisco VPN with the UMaccess-MFA group.

In the diagram above, the Engineering college (which in the case of IT also includes Math and Physics) has its own firewall. Many of the resources for our departments are behind this specific firewall. This is why some items require the use of the Pulse Secure VPN or the Cisco VPN with the UMaccess-MFA group for access.

Below are a few examples of common reasons to use one of the VPNs, with corresponding instructions:

  1. Access the Hummingbird/SIS software from home: Use Cisco AnyConnect, with the UMaccess-MFA group.  See this link for more details https://ask.eng.umd.edu/internal/95539 . After logging in, you should be able to connect to SIS with Hummingbird/Mocha.

  1. Remote desktop to a staff machine: Once the machine you are connecting to is set up for remote desktop (you will need to work with the Service Desk for this), you need to use either the Pulse VPN or the Cisco VPN with the UMaccess-MFA group to access it.  Using Pulse, it is easy to click on "Connect to my Desktop" within the Pulse web client for access.  This link has more information on both options https://ask.eng.umd.edu/internal/95540

  1. Access a file that is stored in a BIOE shared folder: The Pulse Secure client or the Cisco VPN with UMaccess-MFA are the ways to do this. Generally, we recommend that connections like this simply be done using remote desktop rather than mapping the drive locally but that is up to the customer.  This link has more information https://ask.eng.umd.edu/internal/95540

For more information about the Cisco VPN, visit this page https://ask.eng.umd.edu/internal/95539 

For more information about Pulse Secure and our web VPN, please visit our other information page here https://ask.eng.umd.edu/103386





Keywords:pulse secure vpn web app desktop remote desktop   Doc ID:103386
Owner:Ayla H.Group:University of Maryland Engineering IT
Created:2020-06-26 08:06 EDTUpdated:2020-07-07 12:34 EDT
Sites:University of Maryland Engineering IT
Feedback:  1   0