On Tuesday, April 12, we will be making changes to the lab VPN system that will impact all VPN users. Please read on for important information regarding these changes.
WHAT ARE WE DOING?
The lab VPN system will be changed to disable split tunneling for Fermilab employees, but it will remain enabled for visitors, subcontractors, and affiliates.
When split tunneling is enabled, only traffic to Fermilab’s on-site resources is sent via the VPN tunnel. When split tunneling is disabled, all network traffic, including traffic to resources outside of the lab network, will be sent via the VPN tunnel. This means that traffic to external resources will pass through cybersecurity inspection, just as on-site traffic does.
With this change, anyone attempting to log in to VPN will see a changed login prompt with new dropdown menu options as described further below.
WHEN WILL THIS OCCUR?
The change to the user profile options on the VPN login prompt will occur on Tuesday, April 12, between 7 a.m. and 4 p.m.
WHAT IS THE IMPACT TO YOU?
- During the change window listed above, anyone already logged into VPN should be unaffected. If you attempt to log in during the change window, you will be required to select the correct user profile (see below). If you select an incorrect option, you will receive a “Login failed” message. Select the correct VPN user profile and make a new login attempt.
- After the change, you must choose the appropriate VPN user profile as follows:
All VPN users who are not Fermilab employees (i.e., visitors, affiliates, and subcontractors) should select either of the following GENERAL user profiles from the dropdown menu on the new VPN login prompt:
- YUBIKEY USERS who are NOT FERMI employees, select 01_General-Users-YubiKey
- RSA TOKEN USERS who are NOT FERMI employees, select 02_General-Users-RSA
Fermilab employees (including CCD employees, who previously used CCD profiles) must select either of the following user profiles from the dropdown menu on the new VPN login prompt:
- FERMI EMPLOYEES who use a YUBIKEY, select 03_Fermi-Employees-YubiKey
- FERMI EMPLOYEES who use an RSA token, select 04_Fermi-Employees-RSA
Any other options you might see should be used only if specifically instructed to by support staff.
WHAT DO YOU NEED TO DO?
When attempting to log in to VPN beginning Tuesday, April 12, select the appropriate VPN user profile as described above.