• Report an Incident
• Incident Information
• Self Service Security
• Services and Products
  • AntiVirus
  • AntiSpyware
  • Host Firewall
  • Pointsec
  • Remote Access (VPN)
    • Getting VPN Access
    • Web SSL VPN
      • Web SSL VPN FAQs
      • Web SSL VPN Platforms
    • VPN General FAQs
  • Customer support
• Best Practices
• Policies, Guidelines and Procedures
• Security Awareness, Training and Education (SATE)
• Vulnerability Information
• About EIS
• What's New

---

Web (SSL) VPN FAQs

If you don’t understand or are unsure of the meaning of any technical terms contained in these FAQs, please visit http://en.wikipedia.org for up-to-date technical and acronym definitions.

• General Technical FAQs
• Windows Specific FAQs
• MacOS X Specific FAQs
• Other Operating Systems FAQs

Additional assistance:

Students: See here for contact information.

Campus Faculty & Staff: Contact your department’s Computer Support Coordinator (CSC).

Medical Center Staff: Call the OAAIS Customer Support Center at 514-4100, option 1, or submit a support ticket to Online Customer Support at http://help.ucsf.edu. NOTE TO VENDORS: Please direct questions to your Departmental Contact.

Technical FAQs

What is Web (SSL) VPN?

The Web SSL vpn@UCSF system is a virtual private network system providing access to UCSF Computing Network resources to remote users.

How does Web (SSL) VPN Work?

The Web (SSL) vpn@UCSF system works by communicating over standard HTTPS protocols allowing it to work through most firewalls and proxies. It does this by running Java software in your web browser to create a virtual network connection between your computer and the Web (SSL) vpn@UCSF systems.

How do I get the correct VPN Client?

The Web (SSL) VPN system provides the client on-demand. This means it will load the client within your web browser when you access the service and remove it again when you log out. For some systems you need to have administrative privilege on the computer to use advanced VPN functionality.

What operating systems work with VPN?

The basic web browsing features of the Web (SSL) VPN system work with almost all graphical web browsers. The most advanced functionality is only supported on Windows with Internet Explorer and MacOS X with Safari.

Please see our Web VPN Supported Platforms page for specific information on which operating systems, web browsers, and versions of Java are supported.

Can I use VPN to access the UCSF network and/or departmental resources if my computer is located on another organization’s network that is behind a firewall?

Yes, the basic functionality of the Web (SSL) vpn@UCSF service is communicated over standard web protocols and should work through almost all firewalls.

The Network Connect utility may be restricted depending on the local security policy and might not function.

I already have a VPN client installed on my PC. I want to make sure there will be no software compatibility issues.

It is safe to use the Web (SSL) vpn@UCSF system if you have other VPN clients installed on your computer.

We do not recommend attempting to use more than one VPN system at a time.

What is split tunneling?

Split tunneling is where your computer can send information out in more than one direction at a time. Generally when a computer is connected to a network (whether through VPN, DSL, or an office connection) all of its communications go through that single connection. When you have a VPN running, your computer has a choice - either to send the traffic through the VPN or through the normal network connection.

If split tunneling is enabled, then traffic going to UCSF would use the VPN and traffic to other sites (like Google and Yahoo) would not use the VPN. If split tunneling is not enabled then all traffic (even traffic to the computer next to yours) goes to the VPN system first and then to its real destination.

Does VPN allow split tunneling?

With the Web (SSL) vpn@UCSF system the answer depends on what features you are using.

For Web, File, and Terminal Services:

Yes. When you are accessing web or file servers or any of the features in the Terminal Services window, only the traffic you launch from the Web (SSL) vpn@UCSF home page goes through the VPN. All other communcations go directly to the destination.

NOTE: It is easy to stop using the SSL vpn@UCSF system if you are web browsing by using browser bookmarks or entering a new URL in to the browser's URL window. Please access all web sites either through the Web (SSL) vpn@UCSF browse window or by clicking links on sites you have alerady accessed.

For Network Connect:

No. When you are using the Network Connect client you are connected to the UCSF Computing Network in the same manner as the Nortel VPN service previously offered by UCSF. This means that all traffic must first go to the UCSF Computing Network before it is sent to its final destination.

NOTE: For user convenience we have made one acception to this policy. We have enabled the ability for you to access local network resources which do not require a route. This means you will still be able to access your companion or roommate's computers, local music servers, and other network devices (like a Tivo).

Why does the Web (SSL) VPN think I'm already connected when I log in?

If you did not click one of the the "log off" links provided by the system but lose connection to the Web (SSL) vpn@UCSF system, it may think you are still connected.

The Web (SSL) vpn@UCSF system only allows you one login at a time.

My VPN session automatically quits on me. Is there an automatic timeout for a VPN session?

Yes. If your VPN session is idle for sixty minutes your session will automatically be disconnected. With most browsers you will be warned by a pop-up before you are disconnected.

Windows Specific FAQs

Can I use Microsoft Java or should I upgrade to Sun Java?

To access all of the features of the Web (SSL) vpn@UCSF system you need to upgrade to Sun Java. Basic functionality works with Microsoft Java.

Please see How to Update Java for more information.

Can I access VPN on a Windows PC attached to my home LAN using Microsoft Internet Connection Sharing?

Yes, as a web protocol, the basic features of the Web (SSL) vpn@UCSF service should work behind Microsoft Internet Connection Sharing.

MacOS X Specific FAQs

What version of the Apple Airport Base Station is supported by VPN?

All versions of the Apple Base Station are supported by the Web (SSL) vpn@UCSF system.

Other Operating System FAQs

Can Linux or UNIX systems use the SSL VPN?

Yes, the web and file browsing functionality works with almost all types of graphical web browsers and some additional advanced features work with specific UNIX and *NIX like platforms.

Please see our SSL VPN Supported Platforms page for specific information on which operating systems, web browsers, and versions of Java are supported.

Can mobile devices use the Web (SSL) VPN?

Yes, the web and file browsing functionality works with almost all types of graphical web browsers whether they are on phones, PDAs, or public access terminals.

Please see our SSL VPN Supported Platforms page for specific information on which operating systems, web browsers, and versions of Java are supported.

Go To: SSL vpn@UCSF
Go To: vpn@UCSF

Please tell us what you think of our new website