In the upcoming weeks, enterprise remote caregivers will have a new method for securely connecting to PSJH assets using the GlobalProtect Client VPN solution from Palo Alto network. The main benefit of this new VPN technology is always-on access to your VPN while working remote, versus having to login every time, as was required by the earlier VPN solutions across PSJH. This new VPN technology enhances the protection we extend to our mobile workforce outside the traditional network perimeter.
During its initial release, all existing VPN users who possess a PSJH-issued and -managed laptop will be automatically connected to the new solution. Qualifying users can download and install the client from the Software Center. (Click here for the install procedure.)
The GlobalProtect Client VPN solution provides a consistent experience improving caregivers’ workflows while working remote.
Existing VPN applications like Cisco AnyConnect and Juno Pulse will be decommissioned at a future date.
GlobalProtect differences from current VPN solution:
- Always-on – VPN connection to PSJH is maintained at all times, whether on-premises or remote your laptop will always be connected to VPN (first GlobalProtect VPN connection must be established when not on-premises)
- Split-tunnel vs full tunnel – prior solution only traffic to PSJH resources was secured. In order to provide full security and to comply with on-premises security uniform GlobalProtect is full tunnel, all traffic Internet and PSJH bound is going through the VPN
- Client can be disabled for 30 minutes at a time with provided reason
Using GlobalProtect with other VPN clients you may have installed (Junos Pulse or Cisco AnyConnect):
Caregivers can only use one VPN technology at any given time. If you find that the GlobalProtect (GP) solution is not working for you, please disable GP before using either Pulse Secure or Cisco AnyConnect. If GP is not disabled, your laptop will not be able to connect to PSJH internal resources and may freeze, requiring a reboot.
See bullets below for various scenarios, depending on your access needs, or read the full memo here.
GlobalProtect and other VPN clients:
- If your connection to GlobalProtect is successful do not connect to Cisco AnyConnect or Pulse Secure VPN client
- GlobalProtect connects automatically and stays connected all the time (always-on), no Cisco AnyConnect or Pulse Secure connection is necessary
- Check if GlobalProtect VPN client is already connected
GlobalProtect basic troubleshooting:
- First GlobalProtect VPN connection must be when not on-premises
- Make sure to have proper Portal – gpnorth.providence.org
- Make sure you are using a PSJH issued computer
- User your Windows credentials to access VPN
- If you have trouble connection, try “Refresh Connection”
What’s Next?
These implementations are just the latest of several important Security initiatives designed to provide caregivers with efficient and secure access to critical applications and technology tools. Immediately following completion of these projects, you will be briefed on PSJH’s Azure SSO initiative which will consolidate the PSJH and SJH OKTA SSO environments into one Enterprise standardized SSO environment with MFA security requirements. This project will be completed in December and impact PSJH. Look for more information in September.
Contacts & Resources
If you require assistance, contact the Service Desk at (877) 552-7547.