Unmanaged computers that need additional access to internal resources (e.g., remote desktop into an on campus system, mapped network drives, hosted servers) via VPN/GlobalProtect must first go through the security steps outlined in this article. By adhering to these safeguards, you're helping to protect our network and maintain secure access for all users.
Step 1: Install GlobalProtect/VPN Software
Visit https://download.mines.edu/GlobalProtect/ and select the applicable version. For more detailed instructions refer to this knowledge base article: GlobalProtect VPN Setup Guide.
Windows & macOS
Double-click the downloaded package and proceed through the installation wizard (administrator rights are required.)
Supported Linux versions
-
Modern Debian variants, including Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, & Ubuntu 24.04 LTS, run command from directory in which the downloaded file resides:
-
Redhat Enterprise Linux 9 (plus any compatible variants) and Fedora 40/41, run command from directory in which the downloaded file resides:
Step 2: Pass HIP Checks in GlobalProtect
We require Host Information Profile (HIP) checks for unmanaged computers before granting network access via VPN. Ensure your computer meets the following requirements:
- Anti-Malware: Installed and enabled
- Automatic Updates: Enabled
- Firewall: Installed and enabled
Follow the instructions below to complete HIP checks via GlobalProtect. If your computer doesn't pass the checks, troubleshooting tips are offered later in this article.
1. Open GlobalProtect and make sure you're connected. Locate and click on the hamburger icon in GlobalProtect. Click Settings.
2. On the left-hand side of the Settings screen, click on the Host Information Profile section.
3. Expand categories and look for anti-malware, firewall, and patch-management.
4. Under each of these you can dig down to find what needs to be enabled and whether or not it is enabled.
a. Anti-malware: look for anti-malware in the menu and locate the products listed under this category. Click on your anti-malware software (there may be multiple). Under the Product Info, look for Real Time Protection--if it says yes, your anti-malware is enabled.
b. Firewall: look for firewall in the menu and locate the products listed under this category. Click on your firewall software (there may be multiple). Under the Product Info, look to see if your firewall software is enabled (if it says yes, it is enabled).
c. Patch-management: look for patch-management in the menu and locate the products listed under this category. Click on your patch-management software (there may be multiple). Under the Product Info, look to see if your patch-management software is enabled (if it says yes, it is enabled).
Alternatively, you may submit your computer to the IT Service Desk for HIP checks by filling out this form.
IMPORTANT: After your computer passes HIP checks, you must complete a form to request access to internal resources (e.g., remote desktop into an on campus system, mapped network drives, hosted servers) via VPN/GlobalProtect. To request access to internal resources, fill out this form.
Troubleshooting HIP Check Issues
a. Enable a Firewall
Ensure your device has an active and supported firewall. If the "Active Firewall" HIP check fails, you’ll see this message in GlobalProtect VPN: “No firewall detected: Please enable a firewall.”
To resolve this:
Windows
Enable your system's built-in firewall by following the instructions outlined in this article.
MacOS
Ensure your Mac's firewall settings are properly configured. Select your MacOS version on this site for detailed instructions.
Linux
On supported Linux machines (Modern Debian variants, including: Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, & Ubuntu 24.04 LTS, Redhat Enterprise Linux 9 (plus any compatible variants) and Fedora 40/41) please run:
Red Hat Enterprise Linux 9 & Variants / Fedora:
Debian / Ubuntu Variants:
b. Enable Automatic Updates
Your system must have an active package-management or auto-update solution. Recommendations:
Windows
Enable automatic updates on your system by following the instructions outlined in this article.
MacOS
Enable automatic updates to keep your Mac secure. Choose your MacOS version on this site for for step-by-step guidance.
Linux
On supported Linux machines, Debian and Redhat/Fedora variants also feature a “software update” service that notifies about or auto-updates core packages, as needed.
Red Hat Enterprise Linux 9 & Variants / Fedora:
-
Either:
-
[From command-line] sudo dnf -y update ← depending on what is updated, a reboot may be required.
-
Or use the GUI [Graphical User Interface] tool through which updates can be applied, e.g. in Fedora open the "Discover" application and select, "Updates" and "Update All".
Debian / Ubuntu Variants:
-
Either:
-
[From command-line] sudo apt update && sudo apt upgrade -y ← depending on what is updated, a reboot may be required.
-
Or use the GUI [Graphical User Interface] tool through which updates can be applied, e.g. in Ubuntu open the "Software Updater" application and work through installing any discovered updates.
c. Install and Enable Real-Time Anti-Malware Protection
If the "Anti-Malware" HIP check fails, GlobalProtect VPN will display: “No Anti-Malware software found.”
To resolve this: Install a supported anti-malware solution with real-time protection. Examples include:
- Malwarebytes
- McAfee
- Bitdefender
- ClamAV
Ensure the software is installed, updated, and running with real-time protections enabled.