Palo Alto GlobalProtect (VPN)

What it is and why it may be needed:

Citrix VDI or SecureLink are the recommended methods of secure remote access to Stony Brook Medicine (SBM) resources and should be used by the vast majority of our users.  However, if there is a valid reason these do not provide the necessary remote access for specific applications or scenarios, then the alternative is to use the SBM GlobalProtect VPN. This is available for both faculty/staff as well as support vendors under select circumstances.

If you need this extended access, you must apply for this GlobalProtect VPN access before attempting to configure your device (see process below).   Based on your request, you will be granted access to specific internal resources. 

Details and Setup:

GlobalProtect VPN will allow secure access to select SBM network resources from your home, hotel, etc., using your own internet service provider (e.g. Optimum Online, Verizon DSL, etc.) This VPN access is NOT necessary if you are physically in one of the SBM buildings (UH, HSC, BST, Pavillion, MART, ASC/ACP, Dental School, Tech Park, remote offices, etc.)

This works by installing the GlobalProtect VPN client on your computer and encrypting all the data sent to/from the SBM campus. You will be able to access only resources that are appropriate for your role in the organization.  All data passed over the GlobalProtect VPN connection will be securely encrypted to ensure the confidentiality and security of our patients and all patient-related information.

Requirements:

In order to use the GlobalProtect VPN, there are several user and system requirements.  Please make sure these are in place before attempting to configure.

1) You must have already set up Microsoft Multi-Factor Authentication (MFA).  If you have not, please visit:  MFA Setup Instructions

2) Make sure your computer complies with the requirements below since they will be checked:

• Operating System:  Windows 10 or above, macOS 12 or above.
• You must have admin rights to your computer to complete the installation.
• Required Anti-Malware Application: Real-time protection enabled and updated definitions of this application from one of the vendors below:
  • Palo Alto, Symantec, Avast, Bitdefender, CarbonBlack, Cisco, Crowdstrike, Cylance, Cybereason, Fortinet, Kaspersky, McAfee, Malwarebytes, Norton, Sophos, SentinelOne, Trend Micro, Webroot.
• Computer must be up-to-date with latest operating system patches and have its firewall enabled.

3) Important Note:  When connected to the SBM VPN, all traffic (including Internet) will be sent to SBM for connectivity.  This traffic is logged and subject to web-filtering rules just as if you were onsite.  Please be mindful of this and disconnect when needing to access non-SBM resources.

Setting Up GlobalProtect VPN Client On Your Computer

A. Support Vendors & Stony Brook University (West Campus) Employees

1. System Requirements.
   • You need to have local administrator rights on your computer. Make sure your computer meets the minimum system requirements (see requirements above)
2. UHMC Domain Account &VPN Access:
   • Form 1: You need to have a UHMC Domain account. If you do not have one, please ask your Stony Brook Medicine sponsor to submit a request on your behalf through the following site: https://inside.hospital.stonybrook.edu/app/compacct/
   • Form 2: You will also need to have Remote Access privileges on your UHMC Domain account. Fill out and submit this form to your Stony Brook Medicine sponsor: https://extranet.stonybrookmedicine.edu/sites/default/files/vendorras_0.pdf
   • Form 3: Ask your Stony Brook Medicine sponsor to submit a TeamDynamix ticket and attach the form(s) above. The TeamDynamix ticketing system can be accessed by going to the following site: https://stonybrookmedicine.edu/help
         Request Services > Network/WiFi/VPN > VPN > Request VPN Access
3. Installation/Use Instructions
   • After you have received confirmation that your account has been created and/or granted VPN access, proceed to the following webpage below to access instructions for your operating system: Instructions

B. Stony Brook Medicine Faculty/Staff

1. System Requirements.
   • You need to have local administrator rights on your computer. Make sure your computer meets the minimum system requirements (See requirements box above)
2. UHMC Domain Account & VPN Access:
   • You will need to have a valid UHMC Domain account. If you do NOT have a UHMC Domain account, please ask your supervisor or administrator submit a request on your behalf through the following online form: https://inside.hospital.stonybrook.edu/app/compacct/
   • Once you have a UHMC account, you will need to open a TeamDynamix Service Request: https://stonybrookmedicine.edu/help
     Browse to Request Services > Network/Wifi > VPN > Request VPN Access and provide all required information.
   • You will need to wait until you receive confirmation of the VPN Access approval.
3. Installation/Use Instructions
   • After you have received confirmation that your account has been created and/or granted VPN access, proceed to the following webpage below to access instructions for your operating system: Instructions

If you have any questions, please contact the Stony Brook Medicine Help Desk at (631) 444-HELP.