Introduction

From mid-September 2024, Monash University will begin transitioning from Cisco AnyConnect to Palo Alto GlobalProtect as its preferred VPN client.

The steps below will help you inspect your existing Security Groups and Rules.

Login to Nectar Dashboard

Visit the Dashboard at https://dashboard.rc.nectar.org.au/ and use your Monash/AAF credentials to login.

Ensure the Project Selector (top left hand side of the page) indicates the project you want to work in:

Navigate to Project / Network / Security Groups in the navigation panel on the left hand side.

You will now see a list of the Security Groups that are available in your project.

If you see a group that is named vpn or similar, click the Manage Rules option in the Action Menu button beside this group

A list of Rules is displayed that are part of this Security Group. This is where you will add the new rules for the GlobalProtect VPN IP range.

Manage Rules

You will need to create a new rule for the GlobalProtect VPN IP range. Click Add Rule.

In the Add Rule dialog box, select the appropriate Rule to add. In most cases, there will be an option for the type of traffic you are seeking to allow  (ie, HTTPS, SSH etc). If a pre-prepared rule is not available, choose Custom TCP Rule or Custom UDP Rule based on your application.

The CIDR is where you will specify the GlobalProtect VPN range. If you want staff to have access, add the range for Staff, and if you want students to have access, add the range for Student

• Staff VPN range: 10.44.0.0/17
• Student VPN range: 10.44.128.0/18

If you require both staff and students to have access, you will need to create one rule for each cohort.

Be sure to click Add to save your new rule.

You should now have a new rule similar to the one in this image:

Testing

Visit the Monash University GlobalProtect VPN gateway to download the client before testing.