WiscVPN GlobalProtect VPN

Campus VPN WiscVPN Replacement service

Replacement WiscVPN BETA Service

The University of Wisconsin-Madison WiscVPN service will be replaced with a new remote access VPN service scheduled for the Summer of 2017.

The new service is based on the Palo Alto client named GlobalProtect.

The GlobalProtect client can be download either by

1. Connecting to https://uwmadison.vpn.wisc.edu
2. By visiting vpn.wisc.edu and following the manual download netid protected link at the bottom of the page "
Manual download and install, VPN Client Downloads".

The new service will support ONLY the dynamic IP address assignments and not the STATIC IP WiscVPN service (in this first migration of users stage, see note below).



Connecting  to the new service:

For Windows, right click on the lower right tray and find the small globe looking icon.

Right click on the GlobalProtect icon and select Connect.

In the Portal input box use:  uwmadison.vpn.wisc.edu
Use your Netid username and password to connect to the service.


IP Addressing:

When workstations are connected to the GlobalProtect vpn service, the client computers will not be NAT translated while on campus and use the IP address ranges of:

10.130.176.0/20
10.130.176.0-10.130.191.255

All workstations, servers, firewalls, networking equipment will see the 10.130.176.0/20 as a source address.

When workstations are connected to the GlobalProtect vpn service and accessing non-campus Internet sites, the client computers IP source address will be translated to 144.92.38.224/27

Departmental GlobalProtect based WiscVPN Service:

The external Public IP used for GlobalProtect Departmental VPN will be allocated from 144.92.105.0/26  (with some grandfathered exceptions)

The End User IP assignments for Departmental VPN GlobalProtect users will be assigned from 10.130.240.0/20 (with the following exceptions)

fundus  10.130.198.96/27
smph 10.130.201.0/27
VetMed 10.130.225.128/25
VetMed 10.130.228.0/24
HRS 10.130.3.0/24
AIMS-IT  10.130.225.128/27


Filtering:

The new service allows for protection of client devices through the use of URL filtering of malware and phishing sites.  The policy of what is filtered is determined and implemented through the Office of Cybersecurity.   


Tunneling:

The old WiscVPN service allowed the user to pick either off or on campus profiles as a method to pick either fully tunneling all VPN traffic or only traffic to UW campus resources.  The new GlobalProtect VPN service tunnels ALL traffic though campus. 

NOTE: Static WiscVPN Service:

The Static WiscVPN service cannot be run both on the production WiscVPN Cisco AnyConnect service and the Palo Alto GlobalProtect VPN service.

The Static WiscVPN service will be migrated on August 30, 2017 between 5-6AM.

The service does NOT yet support IPv6



 





Keywords:VPN GlobalProtect wiscvpn paloalto palo alto   Doc ID:68164
Owner:Greg P.Group:Network Services
Created:2016-11-01 07:52 CSTUpdated:2017-10-02 11:29 CST
Sites:DoIT Help Desk, Network Services
Feedback:  0   4