How do I connect to a VPN
In the last post we talked about what a VPN is. This is important as there are nuances to connecting to a VPN that will be easier to tackle when the basics of a VPN are understood, as we’ll talk about here.
As discussed previously, there are different flavors of VPN. We will discuss connecting to the two main flavors which are SSL and client based. Another, formerly common but still sometimes used flavor is L2TP. We will not discuss this here. If your employer is using this type of tunnel, they will likely already understand the added complexities and will have provided detailed instructions on how to connect along with support teams ready to assist.
Let’s start with SSL. These particular VPN connections have minimal required actions. Essentially, you will be given an address to go to by your employer. In most cases this will be in the form of a URL such as VPN.examplecompany.com. Every now and then you may find that your employer just provides you with an IP address such as 188.8.131.52. In either case, you will enter it in the same way and in the same place. That place? Your web browser. Your employer will (or should) have provided instructions for connecting, but here are some things to watch out for. Many companies have additional infrastructure in place that will allow you to simply enter a URL. For example, if you type www.darcskye.com into your web browser, you will be redirected, probably without you noticing, and will end up at https://darcskye.com. Likewise, if you enter darcskye.com into your web browser you will end up at the same place, and if you type http://darcskye.com, you will end up in the same place. However, in the rare instance where such a redirect is not in place, you may find that entering vpn.examplecompany.com will not produce the expected results. Be sure to try https://vpn.examplecompany.com. The key here is the “s” in https. This specifies an SSL, or secure connection which will be required for a VPN connection, for fairly obvious reasons. The other thing to keep an eye out for is browser compatibility. This is becoming less and less of an issue but there are still some instances in which a connection may require a specific web browser. Google chrome, Mozilla Firefox, and Microsoft Internet Explorer (now Microsoft Edge) are the main web browsers for PC. For Macs, Google Chrome and Firefox are available, while Safari is the native (pre-installed) browser. Note: there are a number of other browsers available, but we are assuming that if you use one of those, the trouble you are facing is probably outside of the scope of this post and we encourage you to reach out to us directly for more help.
Moving on to client based VPNs. These VPNs are slightly more involved, but don’t be intimidated, the foundation is the same. The first step in connecting to a client based VPN is, of course, ensuring that you have the client. Which client you will need depends on the equipment that your employer uses to “terminate” the VPN. This simply means that it depends on the type of device that your computer will connect to. The main players here are Forticlient, Cisco Anyconnect, Palo Alto Global Protect, and Checkpoint mobile client. If your employer provided you with a computer, chances are they have already installed the client for you. If you are going to be using your personal computer, or if your employer did not pre-install the client, you will need to do so. Installation is very straight forward. You will use your web browser to navigate to the location where the client is hosted. Fortinet and checkpoint typically require you to download the client from their website, while often times with Palo Alto and Cisco, the client will be stored on the device at your employer’s site. In either case, your employer should provide you with the URL from which you can download the client. Once you’ve downloaded the client, you’ll follow the on screen instructions for installation. Once installed, the process for actually connecting to the VPN varies slightly across the different platforms. See below screenshots for each of the above mentioned clients.
When the checkpoint client is first launched it will recognize that you have not created a connection profile and will ask you if you want to create one. Select yes and it will launch a wizard that will take you through the steps. Complete each step using the information provided by your employer.
Enter the URL/IP address provided by your employer and select connect. A second box will display asking for group policy, username and password. Select the group policy from the drop down as instructed by your employer and enter your username and password. In most cases this will be the same username and password that you use to log into your computer at work.
FortiClient typically does not open by default to the VPN screen so you will need to locate it on the left side and click on it. FortiClient has many options. Your employer should have provided you with instructions on how to fill out each. A point of note: FortiClient will be defaulted to SSL. While in some cases this is correct, many times you will need to change this to “IPSEC”.
In settings under the “general” tab, you will need to select “add”. Enter the URL/IP address provided by your employer. Once you select connect you will be asked for your username/password. The client will then collect all needed information from the destination device.
In all of the client based connections, once you are connected, you can proceed as normal. Internal websites, applications, documents and other content will be available in the same way that it would be in the office. If you are connected and find that some items that you had access to in the office are no longer available, you will need to reach out to your company’s IT support as they may need to adjust the permissions for your connection.
Keep in mind that for any VPN connection to work, it is universally required that you have a working internet connection. If you are having trouble with your internet connection, please take a gander on over to our WFH help forum where there is a section for just that. We are regularly monitoring the forum, but even if we do not provide an immediate response, you just may find that others using the forum will.
If you work in the network/cybersecurity department and your company is experiencing trouble establishing or maintaining remote access infrastructure, please reach out. We will be happy to discuss support options.