it.ucsf.edu

VPN Frequently Asked Questions

Robert Tannenbaum's picture

Starting 12/5, VPN will require dual-factor authentication  

Instructions here  

Project Information Details 


General Information

What is a Virtual Private Network?

A virtual private network (VPN) extends the UCSF network across a public network, such as the Internet. It enables a computer or smart phone to send and receive encrypted data across public networks as if it were directly connected to the UCSF network.

A VPN allows UCSF staff to securely access the UCSF intranet while away from their office, lab or classroom. A VPN also secures a user’s transactions for the purpose of protecting personal identity and location.

 

What is UCSF’s VPN?

UCSF uses the Pulse Secure remote access system to provide VPN services to the UCSF community.  The system is physically and geographically redundant to ensure uninterrupted service during outages or catastrophic events.

There are two ways to access VPN:

  • Download and install one of the Pulse Secure VPN clients at http://software.ucsf.edu
    • ITFS-supported clients will get Pulse Secure as part of the standard desktop image
  • Logon to the VPN web portal at https://remote.ucsf.edu with your AD credentials

VPN Web Portal (https://remote.ucsf.edu)

What is a web portal?

The VPN web portal provides secure access to UCSF networked resources without installing a desktop client. An ssl tunnel is created from your web browser to the UCSF VPN server. You can access websites, remote desktop sessions and other UCSF resources from inside the connected browser. Anything outside the browser is not secured.

Users can create bookmarks to frequently used resources (e.g., iMedRIS, HBS, MyReports, MySoft, PeopleSoft, Weblinks, etc.)

What operating systems are compatible with the VPN?

Pulse Secure Desktop Client

  • Windows 7-10, Mac OS X 
  • Linux CentOS, RedHat, Debian and Ubuntu

Mobile Devices

  • Android devices
  • IOS devices

Web portal

  • Firefox, Chrome, IE

Can my mobile device connect with VPN?

The UCSF Service Desk does not currently support mobile devices or tablets.   However, you can download the Pulse Secure mobile client from either Google Play or the App Store.  Enter https://remote.ucsf.edu/pulse for the connection url.  

Is my usage logged or tracked?

Use of the UCSF VPN is subject to the UC Electronic Communications Policy: http://policy.ucop.edu/doc/7000470/ElectronicCommunications.

Computers using the Junos Pulse client must adhere to the UCSF Minimum Security Standards.

I am connected to VPN. How do I connect to my office computer remotely?

In order to configure your computer for remote desk top, please contact the ServiceDesk since this may require a local administrator privilege.

How do I connect using the Pulse Secure client?

Right-click on the Pulse taskbar icon and select "UCSF Remote Dual-Factor", click on Connect.  Enter credentials and click OK.  A second dialog box will appear asking for a second password.  Enter "push", "sms" or "phone" to validate the second-factor authentication.  

Second-factor authentication details at https://it.ucsf.edu/projects/duo-two-factor-authentication-project.

How do I add bookmarks in the VPN web portal?

  •  In the Web Bookmarks section, click the plus sign that appears on the right hand side. In the Bookmark Name field enter the name that you want to appear in your Web gateway list for this connection; in the URL field enter the complete URL for the application you are adding. Click Add Bookmark. The new bookmark will appear on your homepage underneath the system-defined entries.
  • To add a bookmark to a terminal-based application, in the Terminal Sessions section, click the icon of the computer with a plus sign that appears on the right hand side. Select SSH, telnet, Citrix or Windows Terminal Services from the Session Type dropdown. Enter the appropriate information then click Add. The link will appear on your homepage.

Some of my web portal bookmarks do not work

Please make sure your bookmark is using a FQDN (Fully Qualified Domain Name). For example you may have a bookmark that’s mapped to URL https://apexconnect .

This bookmarks needs to be updated to URL https://apexconnect.ucsfmedicalctr.org .

Another example is http://hr – since hr.ucsf.edu and hr.medicalcenter.org are two different sites, your bookmark needs to be updated with FQDN of the correct site.

I can’t browse to a UCSF or UCSF Medical Center website from the web portal

Make sure you use the full website address and not just the host name. For example:

Will I still have access to local network printers/servers while I am connected to the VPN?

It depends.  Pulse Secure client connects your computer to the UCSF network and all the resources you would have available if you were at work.  While connected, you do not have access to local network printers or other resources.  The VPN web portal only connects your web browser to UCSF.  You will still be able to access local resources.

How long can I stay connected to the VPN?

A session is limited to 10 concurrent hours.

Sessions with no activity for 60 minutes will be automatically logged out.

You will be offered the option to extend your session 10 minutes before it expires.

The remaining session time is displayed:

  • In the upper right-hand corner of the web portal screen
  • By clicking on the Junos Pulse taskbar icon, select Open Pulse, click on UCSF Remote Access and select Advanced Connection Details.

Can I establish a VPN connection from more than one computer at a time?

No. You can have a single web portal or Junos Pulse session at a time.

My VPN client shows I am connected, but I cannot reach any resources.

Please disconnect and re-connect to VPN using the same client pointing to https://remote.ucsf.edu/pulse before contacting the Service Desk (415-514-4100).

How do I disconnect from the VPN?

  • Pulse Secure - right click the Pulse Icon in the system tray, select the active session, and choose Disconnect
  • Web portal – Click the Sign Out icon (upper right-hand corner)

I need to give an external contractor access to the network. Is this still possible?

Yes. Request a unique AD id for your contractor following account request procedures. For medical center account request at https://it.ucsf.edu/services/medical-center-account-request; for campus account request at https://it.ucsf.edu/services/it-account-request-forms

Who do I contact if I’m having problems?

  • First level of support the Support Desk - 415.514-4100
  • Report via ServiceNow https://help.ucsf.edu/
  • Escalation will automatically occur to resolve problems