This content is viewable by Everyone
UCSF uses the Ivanti, formerly known as Pulse Secure remote access system to provide VPN services to the UCSF community. The system is physically and geographically redundant to ensure uninterrupted service during outages or catastrophic events.
How do I access the UCSF VPN?
- There are three ways to access the UCSF VPN:
What does the UCSF VPN web portal do?
- The VPN web portal provides secure access to UCSF networked resources without the need to install a desktop client. An SSL tunnel is created from your web browser to the UCSF VPN server.
- You can access websites, remote desktop sessions and other UCSF resources from inside the connected browser. Anything outside the browser is not secured.
- Users can bookmark frequently used resources (e.g., iMedRIS, HBS, MyReports, MySoft, PeopleSoft, Weblinks).
What does the UCSF VPN web portal not do?
The UCSF VPN web portal does not:
- Mimic the regular full Pulse Secure client installed locally on workstations.
- Have full access and functionality while connecting to the VPN portal via the Pulse Secure web portal. It has limited capability to access certain internal network resources and applications.
What operating systems are compatible with the UCSF VPN?
(Ivanti, formerly known as Pulse Secure)
Pulse Secure desktop clients:
- Windows 7-10, Mac OS X
- Linux CentOS, RedHat, Debian and Ubuntu (Listed support is for the Pulse Linux desktop client. Not for OpenConnect or any other freeware client. Please refer to vendor guide.)
- Mobile devices
- Android devices
- IOS devices
- Web portals
- Internet Explorer
Can my mobile device connect with the UCSF VPN?
- Yes. As with the Pulse Secure web portal, you can go to your mobile device vendor application store and download DUO client.
- Users should not expect to have full access and functionality while connected to the VPN portal using a mobile device.
Is my usage logged or tracked?
- Use of the UCSF VPN is subject to the UC Electronic Communications Policy
- Computers using the Junos Pulse client must adhere to the UCSF Minimum Security Standards.
I am connected to the UCSF VPN. How do I connect to my office computer remotely?
- If you have permission, connect to your remote desktop client. Enter the workstation or server IP address to initiate RDP connection.
- If you don't have permission, you may need local administrator privilege to access remote resources. Contact the IT Service Desk.
How do I connect using the Pulse Secure client?
- Click on the Pulse Secure taskbar icon. (Ivanti, formerly known as Pulse Secure)
- Select UCSF Remote Dual-Factor.
- Click Connect.
- Enter your credentials and click OK.
- A second dialog box will appear, asking for a second password.
- Enter push, sms or phone to validate the second-factor authentication.
- Alternatively, generate a 6-digit code from your mobile phone DUO client and enter it into the secondary password field.
How do I add bookmarks in the web portal?
- In the Web Bookmarks section, click the plus sign that appears on the right-hand side.
- In the Bookmark Name field, enter the name that you want to appear in your web gateway list for this connection.
- In the URL field, enter the complete URL for the bookmark you are adding.
- Click Add Bookmark. The new bookmark will appear on your homepage underneath the system-defined entries.
To add a bookmark to a terminal-based application:
- In the Terminal Sessions section, click the "computer with a plus sign" icon that appears on the right-hand side.
- From the Session Type dropdown, select SSH, telnet, Citrix or Windows Terminal Services.
- Enter the appropriate information, then click Add. The link will appear on your homepage.
Some of my web portal bookmarks do not work. What should I do?
- Make sure your bookmark is using a Fully Qualified Domain Name (FQDN) that is correct for the site you are bookmarking. For example, suppose you have a bookmark that is mapped to URL https://apexconnect. To be an FQDN, this bookmark will need to be updated to URL https://apexconnect.ucsfmedicalctr.org.
- Another example: http://hr. Because "hr.ucsf.edu" and "hr.medicalcenter.org" could be two different sites, your bookmark needs to be updated with the FQDN of the correct site.
I can’t browse to a UCSF or UCSF Medical Center website from the web portal. What should I do?
- Make sure you use the full website address, not just the host name. Examples:
- https://apexconnect.ucsfmedicalcenter.org instead of https://apexconnect
- http://hr.ucsfmedicalcenter.org instead of http://hr
- https://hr.ucsf.edu/hr.php instead of http://hr.
Will I still have access to local network printers and servers while I'm connected to the VPN?
- The answer varies:
- Pulse Secure client connects your computer to the UCSF network and all the resources you would have available if you were at work. While connected, you do not have access to local network printers or other resources.
- The VPN web portal only connects your web browser to UCSF. You will still be able to access local resources.
How long can I stay connected to the VPN?
- A session is limited to 16 concurrent hours. Sessions with no activity for 60 minutes will be logged out automatically. You will be offered the option to extend your session 10 minutes before it expires.
- You can view your remaining session time by (1) looking in the upper right-hand corner of the web portal screen or (2) clicking on the Junos Pulse taskbar icon:
- Select Open Pulse and click on UCSF Remote Access, then select Advanced Connection Details.
Can I establish a VPN connection from more than one computer at a time?
- No. You can connect with only a single web portal or Junos Pulse session at a time.
My VPN client shows I am connected, but I cannot reach any resources. What should I do?
- Disconnect, then reconnect to VPN using the same client pointing to https://remote-vpn01.ucsf.edu/pulse. If you still cannot connect, contact the IT Service Desk at 415-514-4100.
How do I disconnect from the VPN?
- Pulse Secure: Right-click the Pulse Icon in the system tray, select the active session, and choose Disconnect.
- Web portal: Click the Sign Out icon (upper right-hand corner).
I need to give an external contractor access to the network. Is this still possible?
- Yes. Request a unique AD ID for your contractor, following account-request procedures.
- For a medical center account request, go to https://it.ucsf.edu/services/medical-center-account-request.
- For a campus account request, go to https://it.ucsf.edu/services/it-account-request-forms.
Whom do I contact if I’m having problems?