CSUDH SSL vpn user guide

To access CSUDH network securely from a remote location, CSUDH have implemented Juniper Networks SSLvpn technology. SSLvpn is a web based technology and does not require installation and configuration of a client software on a remote PC. Please follow the instructions below about how to access and use SSLvpn.

Access to SSLvpn:

All CSUDH users who have a network/email account will have access to SSLvpn restricted mode. If you need full vpn access to CSUDH network, please fill out the account request form located under Helpdesk menu and specify why you need full vpn access.

Prerequisites

Before you connect to the CSUDH SSL vpn appliance, you must meet the following Pre-requisites:

  • Administrator access on the PC from where you are trying to acess vpn.
  • If you are using Internet Explorer (not a requirement for safari or firefox), you need to make sure that signed actingX control is enabled or set to prompt in your browsers' security setting. This article explains how to find out activeX control settings in your browser.
  • Make sure that you have the latest version of java installed in your computer. To find out whether or not you have java or to download the latest version, go to: http://www.java.com

Connecting to CSUDH SSL VPN appliance

To connect to the CSUDH SSL vpn appliance, follow the steps below:

  • Launch your favorite Internet browser (Intenet Explorer, Firefox or Safari). Note: Google Chrome is not supported at this time.
  • In the address bar, type: https://sslvpn.csudh.edu (for regular users) and press Enter. If you need full network access via SSL VPN server, go to: https://sslvpn.csudh.edu/full/ .You will be connected to CSUDH SSL VPN sign-in page.
  • In the username and password box, type your CSUDH email/network username and password.
  • In the Realm drop down menu, choose appropriate realm and click on Sign In Button. Realms are explained below.

Realms

By default, all CSUDH faculty/Staff will be placed in to restricted access when you select Faculty/Staff realm.

Faculty/Staff (Restricted Access):

In restricted access mode, remote computers are not assessed and analyzed against CSUDH host checker policy. Hence, even though your computer is not up to date with latest patches, antivirus definitions etc. You are allowed to access certain resources via the secure SSL vpn appliance. In this mode, your computer does not get a CSUDH private ip address. You only interact and access resources from the secure SSL vpn portal page. Below is a list of what you can and can't do in Restricted Access:

Available:

  • File browsing only from available CSUDH file sharing servers.
  • Web browsing to internal CSUDH web sites including outlook web access.
  • Terminal services (remote desktop) or SSH/telnet access
  • Microsoft Outlook Client via Windows Secure Access Manager

Not Available:

  • External programs such as ftp (WS_FTP), ssh (XShell) etc.
  • Upload files to internal CSUDH file servers or your office computer.
  • Network protocols such as ping, traceroute etc.

Faculty/Staff Full Access:

Full access allows a vpn user all the services that restricted access offers plus full access to the CSUDH network. If you are granted full access, your computer will get a CSUDH private IP address. You can use external programs such as Microsoft outlook (without using WSAM), ftp/ssh, remote desktop (using windows remote desktop client), upload and download files to CSUDH file servers directly from your home/remote computer. To be granted full access, your remote computer has to pass CSUDH host checker policy. Currently the policy will make sure that your computer passes the following tests:

  • OS Checks: Checks for latest windows OS service packs. For a list of checked service packs, click here.
  • Antivirus: Checks for at least one Antivirus software with latest definition file and real time protection enabled. For a list of supported antivirus, click here.
  • Firewall: At least one firewall installed and enabled. For a list of supported firewall, click here.
  • Patch assessment: Critical and important patches for Microsoft Windows, Microsoft Office, Adobe software's (acrobat, flash), popular browsers (IE, Firefox, Safari) etc.

Note: Currently only windows computers are being assessed against CSUDH host checker policy. Macintosh users doesn't have to fulfill these requirements.

After you choose Faculty/Staff Full Access realm and sign in for the first time, Juniper's host checker program will be downloaded and installed in your computer. If you see a bunch of prompts asking for permissions, please click on yes, and let the program finish the installation. If you do not click on Yes, the program will not be installed properly and you will not be able to log in. After the program finishes installation, your computer will be checked against the CSUDH Host Checker policy.

Note: It takes few minutes when the host checker program runs and checks your computer against the CSUDH host checker policy. Please be patient at this stage and do not try to close the program or the browser. You will not be able to login until the program finishes.

When the Host Checker program finishes and

  • If your computer passes: against the host checker policies, a new program called Network Connect will be installed if you are connecting for the first time. After the Network Connect program is installed, it will be launched automatically every time you connect to the Faculty/Staff Full Access realm. Network Connect program is explained here.
  • If your computer do not pass: against the host checker policies, you will be presented with a list of patch/s that are missing from your computer. The list will also include a link to the vendors' web site where the patch can be found. At this time, Juniper SSL vpn appliance do not support automatic remediation for patches. Which means you will have to download the patches and install them on your own in order to bring your computer to compliance.

Vendors:

This realm is only for CSUDH external users such as guests, vendors etc who needs to access certain internal resources.

Using CSUDH SSL vpn portal page

Both full access and restricted access will take you to the CSUDH SSL vpn portal page. This page will have predefined resources such as bookmark to most used CSUDH web sites, department folders etc. In addition you can create your own bookmark in this page.

Frequently Asked Questions for SSLvpn