WiscVPN - Departmental VPN
The external Public IP used for GlobalProtect Departmental VPN are allocated from 18.104.22.168/26 (with some grandfathered exceptions)
The End User IP assignments for Departmental VPN GlobalProtect users are assigned from 10.130.240.0/20 (with some grandfathered exceptions)
Filtering: The service allows for protection of client devices through the use of URL filtering of malware and phishing sites. The policy of what is filtered is determined and implemented through the Office of Cybersecurity.
Tunneling: The GlobalProtect VPN service tunnels ALL traffic though campus.
NOTE: The service does NOT yet support IPv6
|https://kb.wisc.edu/108255||Ways in which to get the Palo Alto Global Protect VPN client.|
|https://manifest.services.wisc.edu||Control who is allowed to authenticate to the VPN termination point and/or self assign a static IP address.(If Central Campus RADIUS or AD is being used.)|
|https://access.services.wisc.edu|| This is a site that allows end users to self assign a static IP address per VPN group they belong to above. (If Central Campus RADIUS is being used.)
|uwmadison.vpn.wisc.edu|| The main UW Madison VPN termination point. Requires the Palo Alto Global Protect client.|
|<dept_name>.vpn.wisc.edu||This is an example of a department's VPN termination point.|
|Site Redundant System|
Static IP Assignment
Supports Static IP Self-Assignment
Multi-Factor Auth. - DUO Capable
User Based Firewall Rules
Group Based Firewall Rules
|Central Campus RADIUS||*||Yes||Yes||Yes||Yes||Yes||Yes||No|
| Central Campus AD||Yes||Yes||Yes - With some NS manual invention per user||No||No||Yes||Yes - But uses UUID group names|
|Departmental AD||Dept. Dependent||No||Possibly - With some NS manual invention per user||No||No||Yes|| Yes|
|Departmental RADIUS||Dept. Dependent||No||Possibly - Dept. Dependent||Possibly - Dept. Dependent||Possibly - Dept & DoIT IAM interaction required||Yes||No|
- Can the "uwmadison.vpn.wisc.edu" VPN termination point meet your VPN requirements today?
- If it can, please use uwmadison.vpn.wisc.edu, with or without static IP assignments, today.
- If not, please create a ticket with the Helpdesk, submitting answer to the following questions?
- I would like a Departmental VPN because ...
- Using the VPN Authentication Method table above, decide on which one you'd like to use and include it in the request.
- Roughly how many users in a 24 hour time frame could connect to your Dept. VPN?
- Do you have the need for IPs being assigned to specific users?
- If so, how many?
- Do you already have a Palo Alto virtual firewall that you manage?
- If so, what is the name/vsys#?
- What do you want to name the VPN termination point? (Example: <something>.vpn.wisc.edu)