The City of Worthington has started using Palo Alto Global Protect VPN to enable remote connections.  Each user account will be granted permission for remote access as needed.  Sharing account information with other people is strictly prohibited.  If another user needs remote access, please have the appropriate Department Director contact the City's IT Department. 


The City only allows remote access into our network from secure devices. This includes, but is not limited to, devices must be running updated real time anti-virus/anti-malware software, and are receiving Operating System security updates and patches from the developer. Please note that Windows 7 extended support from Microsoft ends on January 14, 2020. After that time, the City will not allow connections from Windows 7 PCs.  When you connect to the VPN gateway your PC will be evaluated to make sure it meets the security requirements.  You will see a message informing you of any issues that need to be fixed.

The City requires the use of Okta for Multi-Factor Authentication when connecting the the VPN.  Please refer to this article for Okta enrollment help.

To setup the Global Protect VPN client, please follow the steps below. These steps were done using a Windows 10 PC. Your computer may vary. Steps 1 through 5 are only necessary the first time you setup the VPN client on a particular device. Once the client has been installed on the device, for future VPN connections start at Step 6.
 

The City now uses a security certificate issued by a trusted third party that does NOT require to manually install it on the device. You do not need to download and install the security certificates.

  1. Download the appropriate Global Protect VPN client for your computer type.
    1. Android and Apple iOS apps are found in the device's app store.
    2. For Microsoft and Mac devices, Browse to https://v1.worthington.org using a web browser.  (*NOTE*  I have also put copies of the VPN Client installers in the folders below as an alternate download source. For Windows x64 use: GlobalProtect64 msi installer; for Macs OSX use: GlobalProtect pkg installer; for Linux use: PanGPLinux tgz installer)
      1. Log in using your City account credentials.
      2. Select the link appropriate for your device.


  2. Run the VPN Client installer.  You will need Administrator rights to install the client.  Once the install is complete, it may take several minutes for the client to load in the Windows System Tray (By the clock).
    1. The Global Protect VPN client while disconnected looks like: 
    2. If you do not see the Global Protect VPN client after 5-10 minutes, rebooting your computer may be necessary.
  3. Click on the VPN client, then select "Connect". 
  4. Enter v1.worthington.org for the Portal Address.  v1.worthington.org will connect you to the active firewall VPN.  It will automatically re-route to the backup firewall if the primary firewall is offline..  You can also use v2.worthington.org to connect through the backup firewall.
  5. An Okta window will open to log into the Palo Alto Global Protect VPN.  Enter your City account credentials to login.
    1.   
  6. Authorize the Okta MFA prompt to complete the login process.

 

 


Once the VPN is connected your computer is connected to the City's network. You may use a Remote Desktop client to connect to a remote host if needed. Use your City account credentials to login to the remote host. You may need to enter the City's domain "COW" with your username such as cow\myusername. You should now be able to work on that remote computer as if you were sitting directly in front of it. If you are not sure of which remote computer names you have access to connect to, please reach out the City of Worthington IT Dept. Help Desk for assistance in determining the remote host name(s).

When you are finished working with the Remote Desktop, please log out of the remote computer. 

When you are finished working via the VPN, you should disconnect the VPN session via the Global Protect client in the system tray.


 If you have any problems, you may contact the City of Worthington IT Dept. Help Desk for assistance using any of the methods below:


External Phone: 614-842-6328
Internal Ext.: 4000
Email: helpdesk@worthington.org
Portal: https://helpdesk.worthington.org



The section below is no longer needed.  You can stop here!



How to download & install security certificates on Apple iPad & iPhone iOS devices


The hardest part of this process is getting the security certificate files copied to you Apple device.  I was able to install the OneDrive app on my iPad to accomplish this.  


Once you have the OneDrive app installed and connected to the shared folder in Step 1 above, click the 3 dots to the right of the security certificate file you are trying to download.  Then click “Open in Another App”.



Then click “Save to Files”



Select “On My iPad”, then click “Save” in Top Right Hand corner of dialog box.



After you have done this for each security certificate you are downloading, close the OneDrive app, and open the Files app on the Apple device.



In the Files app select “On My iPad” in the left pane.  In the right pane you should see the security certificates you downloaded from OneDrive.  You have to perform the steps below before for each security certificate one at a time before starting a different certificate.  I recommend installing the 3 certificates with “CA” in the filename (Steps 1.a.a, 1.a.b, & 1.a.c in Global Protect VPN Install instructions above) before the others.


Select (tap) one of the certificates.  You should see a message that the Profile Downloaded.  If you download another cert, the previous profile will not be installed, and the profile will need to be downloaded again.

 

 

Go to Settings -> General -> Profiles.


The profile should be available under Downloaded Profiles.

Select / Tap the profile

 

 

Click “Install” in the Upper Right-Hand corner


If the security certificate indicates “Not Verified”, it means that you have not installed and trusted the appropriate “CA” certificate.  Once you install the appropriate “CA” certificate, it should change to “Verified”.

 

 


This step is only necessary for the 3 “CA” certificates (Steps 1.a.a, 1.a.b, & 1.a.c in Global Protect VPN Install instructions above).  You can do this step after you have installed all 3 “CA” profiles.


Go to Settings -> General -> About -> “Certificate Trust Settings”.  You should see the “CA” certificate profile(s) installed above.


Tap the slider so it moves to the right and turns green.


 

The security certificate is installed.  You can go back to the Files app to download and install the next security certificate.  Once you have installed the necessary certificates, you can go back to step 4 in the Global Protect VPN Install instructions to complete that process.