TCIT Knowledge BaseSecurityVPN Palo Alto GlobalProtect VPNSetting Up the Palo Alto GlobalProtect VPN - Mac OS X

Setting Up the Palo Alto GlobalProtect VPN - Mac OS X

This manual should be used to download, install and connect to the Teachers College GlobalProtect VPN on Mac OS X devices.

  1. Open up a web browser, and navigate to the GlobalProtect VPN Portal at https://tcvpn.tc.columbia.edu



  2. Login with your TC-supplied Active Directory credentials (No need to put TC\ in front of your username to define the domain).



  3. iCloud Keychain may ask if you'd like to save your Active Directory credentials permanently. TC recommends against this as your AD credentials will need to be updated at regular intervals. Click Never for This Website.



  4. Please Note: If your login attempt fails with an error message of The username you have entered cannot authenticate with Duo Security, please contact TC's Service Desk at servicedesk@tc.columbia.edu to get setup with a Duo MFA account.



  5. If authentication is successful, you'll receive a Duo authentication prompt on your 2nd factor device for GlobalProtect Portal access. Approve the login request to continue.



  6. Download the correct GlobalProtect VPN client version for your host machine (Mac OSX 32/64 bit).



  7. Go to the Downloads folder and run the GlobalProtect.pkg file.



  8. Click Continue to proceed.



  9. Check GlobalProtect and click Continue.



  10. Click Install.
  11. Enter your local Mac credentials and click Install Software.
  12. You may get a pop up window titled System Extension Blocked. Click Open Security Preferences to continue.
  13. Click Allow to unblock the GlobalProtect client installer and close the Security & Privacy window.
  14. Return to the installer and click Close to finish installation.
  15. Click Move to Trash to delete the installer file.
  16. On your desktop, click the GlobalProtect icon on the Menu bar.



  17. The client will ask for your portal address upon first open.
    Enter in the Portal Address: tcvpn.tc.columbia.edu, and click Connect.
  18. You'll be prompted to enter a username/password. Please enter your Active Directory credentials and click Sign In.
  19. You'll receive a Duo authentication prompt on your 2nd factor device for GlobalProtect Gateway authentication. Approve the login request to continue.



  20. Once the client successfully connects, you'll have remote access to your TC on-premise resources.
  21. A welcome page will also pop up upon initial connection. If you wish to disable permanently, check Do not show this again in the bottom right and close the window.
  22. If for any reason you're not prompted to connect to the GlobalProtect Gateway upon first open, you can do so manually. Press the Settings icon in the top-right corner of the client.



  23. Under the Portals section, click +.
  24. Enter in the Portal Address: tcvpn.tc.columbia.edu, and click Save.
  25. Close out of the GlobalProtect Settings window, and click Connect.
  26. During the connection process, you'll see the message Connecting... while Duo authentication is taking place.
  27. Accept the Duo authentication prompt to connect.



  28. Once the client successfully connects, you'll have access to your TC on-premise resources.

    Note: If you don't have access to required on-premise resources, please send Service Desk an email at servicedesk@tc.columbia.edu with the description and IP address of the unavailable resource(s).

  29. If you need to authenticate with a different Active Directory account or re-login because of an updated Active Directory password, open up the GlobalProtect Client Settings.



  30. Click Sign Out under the Account section.
  31. Click Yes to clear the existing credentials.
  32. Close the Settings window.
  33. Select the GlobalProtect icon on the Mac Menu Bar, then login again with your Active Directory credentials to get connected.
  34. Once the client successfully connects, you'll have access to your TC on-premise resources.