UW Madison VPN and Departmental VPN
Palo Alto Global Protect VPN client, please contact the Helpdesk.
Departmental VPN access is controlled by the departmental Firewall/VPN/Network administrators. They do this either by Manifest (preferred) or by their local departmental authentication system. Please contact your departmental Firewall/VPN/Network administrator(s) for access to a Departmental VPN.
|https://kb.wisc.edu/page.php?id=68164||Ways in which to get the Palo Alto Global Protect VPN client.|
|https://manifest.services.wisc.edu||Control who is allowed to authenticate to the VPN termination point and/or self assign a static IP address.(If Central Campus RADIUS or AD is being used.)|
|https://access.services.wisc.edu|| This is a site that allows end users to self assign a static IP address per VPN group they belong to above. (If Central Campus RADIUS is being used.)
|uwmadison.vpn.wisc.edu|| The main UW Madison VPN termination point. Requires the Palo Alto Global Protect client.|
|<dept_name>.vpn.wisc.edu||This is an example of a department's VPN termination point.|
NS = Network Services
|Site Redundant System|
Static IP Assignment
Supports Static IP Self-Assignment
Multi-Factor Auth. - DUO Capable
User Based Firewall Rules
Group Based Firewall Rules
|Central Campus RADIUS||*||Yes||Yes||Yes||Yes||Yes||Yes||No|
| Central Campus AD||Yes||Yes||Yes - With some NS manual invention per user||No||No||Yes||Yes - But uses UUID group names|
|Departmental AD||Dept. Dependent||No||Possibly - With some NS manual invention per user||No||No||Yes|| Yes|
|Departmental RADIUS||Dept. Dependent||No||Possibly - Dept. Dependent||Possibly - Dept. Dependent||Possibly - Dept & DoIT IAM interaction required||Yes||No|
Decide on the following:
- Can the "uwmadison.vpn.wisc.edu" VPN termination point meet your VPN requirements today?
- If it can, please use uwmadison.vpn.wisc.edu, with or without static IP assignments, today.
- If not, please create a ticket with the Helpdesk, submitting answer to the following questions?
- I would like a Departmental VPN because ...
- Using the VPN Authentication Method table above, decide on which one you'd like to use and include it in the request.
- Roughly how many users in a 24 hour time frame could connect to your Dept. VPN?
- Do you have the need for IPs being assigned to specific users?
- If so, how many?
- Do you already have a Palo Alto virtual firewall that you manage?
- If so, what is the name/vsys#?
- What do you want to name the VPN termination point? (Example: <something>.vpn.wisc.edu)