With Virtual Private Network (VPN), staff and students can make secure connection from their home computers or mobile devices to the campus network over the Internet. Data transmitted via VPN connection are encrypted. Users can access certain restricted IT services such as DMS, use SPSS and make connection to some central network servers using SFTP client software outside the campus.
The “Palo Alto GlobalProtect” technology (GlobalProtect VPN) was launched in September 2014. The GlobalProtect VPN requires users to install the GlobalProtect software on their device(s). It then establishes a virtual tunnel to the campus network with authentication using the user’s EdUHK network account and password. For security reasons, the GlobalProtect VPN client software should NOT be used on public computers. Please install and use the software only on computers protected with up-to-date anti-virus software and firewall protection.
With effect from 10 Jan 2022, the University’s Virtual Private Network (VPN) service is covered by Multi-Factor Authentication (MFA) on Duo for enhanced protection. Colleagues will be prompted by Duo when they log in the VPN gateway. MFA on Duo provides an additional level of protection for secured login, protecting not only the colleague himself/herself, but also the University. Please see https://www.eduhk.hk/ocio/mfa-duo for more information.
In an effort to provide better user experience for users residing in mainland China, OCIO has subscribed a service via a network operator in China. Starting from 28 May 2020, users can connect to EdUHK VPN using this new VPN gateway in mainland China. For details, please refer to GlobalProtect VPN gateway for Mainland China.
Using GlobalProtect VPN
1. Client Software for Windows and Mac
Desktop computer or notebook users please visit https://vpn.eduhk.hk to download and install the “GlobalProtect” client software.Supported systems:
- Microsoft Windows 7, 8.1, 10 and 11:
- GlobalProtect agent v5.2.12 - Windows 32 bit / Windows 64 bit / UWP ARM Based CPU
- Legacy GlobalProtect agent v3.x - Windows 32 bit / Windows 64 bit
- Apple macOS 10.11 and later - (Download Mac 32/64 bit GlobalProtect agent version 5.2.12) *(Please right click the link and choose "save link as")
- Apple macOS 10.10 and earlier - (Download Mac 32/64 bit GlobalProtect agent version 3.x) *(Please right click the link and choose "save link as")
- Linux (Support CentOS 7, Red Hat Enterprise Linux (RHEL) 7/Ubuntu 14.04 and later releases) - (Download the GlobalProtect app v5.2.6 for Linux .)
Note: For details, please visit Palo Alto Networks® Compatibility Matrix
GlobalProtect portal address configuration
Once you installed the GlobalProtect client on your computer, you have to configure the portal address.
- Click on the GlobalProtect icon on the system tray (For Windows) / menu bar (For macOS), click the more icon and choose settings.
GlobalProtect VPN gateway for Mainland China
In an effort to provide better user experience for users residing in mainland China, OCIO has subscribe a service via a network operator in China. Users can add the new China VPN portal address in GlobalProtect client. For details, please refer to the user guides.
Please refer to the following user guides for detail instructions.
2. Native Apps for Mobile devices
Mobile device users can install “GlobalProtect” app available on Apple App Store (iOS) or Google Play Store (Android).Supported systems:
- Android 5.0 and later
If you have problem to access the Google Play app store, you can download the APK file (GlobalProtect app v5.2.5 for Android )
- Apple iOS 12 and later
Please refer to the following user guides for more information on making VPN connection using the respective mobile apps:
Tips and best practice on using GlobalProtect VPN
- The VPN connection is based on the Internet connection of your device to set up a tunnel back to HK. User are recommended to use a fast and reliable connection to enjoy good VPN experience. After the VPN is connected, you could test the network speed by using "www.speedtest.net" which could measure the network throughout. Anything over 10Mbps is good.
- Mobile network on mobile devices are not designed for long connection, such as, Zoom meeting which requires higher bandwidth and reliable connection throughout the session.
- VPN redirect all the traffic to HK through VPN gateway. If you are in mainland and you just want to access the public web sites in mainland, don’t use VPN as all the traffic will go to HK and back to mainland which introduce unnecessary delay.
- VPN usage might be affected by the “Great Firewall” in mainland and the restriction imposed might change from time to time and from location to location.
Note: VPN connection ceases automatically every 8 hours. The time out for idle sessions is 4 hours.
If you enter gateway error connecting to the VPN as below, please download the "Sectigo Certificate" at here and install on your system.