The Fermilab VPN system has changed

Dear VPN user,

We have completed making changes to the lab VPN system. Please read on for important information regarding these changes.  

 

 

WHAT ARE WE DOING?

The lab VPN system has been changed to disable split tunneling for Fermilab employees, but it remains enabled for visitors, subcontractors, and affiliates.

When split tunneling is enabled, only traffic to Fermilab’s on-site resources is sent via the VPN tunnel. When split tunneling is disabled, all network traffic, including traffic to resources outside of the lab network, will be sent via the VPN tunnel. This means that traffic to external resources will pass through cybersecurity inspection, just as on-site traffic does.

With this change, anyone attempting to log in to VPN will see a changed login prompt with new dropdown menu options as described further below.

WHAT IS THE IMPACT TO YOU?

When logging in to the Fermilab VPN system, you must choose the appropriate VPN user profile as follows:

All VPN users who are not Fermilab employees (i.e., visitors, affiliates, and subcontractors) should select either of the following GENERAL user profiles from the dropdown menu on the new VPN login prompt:

  • YUBIKEY USERS who are NOT FERMI employees, select 01_General-Users-YubiKey
  • RSA TOKEN USERS who are NOT FERMI employees, select 02_General-Users-RSA

 

Fermilab employees (including CCD employees, who previously used CCD profiles) must select either of the following user profiles from the dropdown menu on the new VPN login prompt:

  • FERMI EMPLOYEES who use a YUBIKEY, select 03_Fermi-Employees-YubiKey
  • FERMI EMPLOYEES who use an RSA token, select 04_Fermi-Employees-RSA

Any other options you might see should be used only if specifically instructed to by support staff.

 

WHAT DO YOU NEED TO DO?

When attempting to log in to VPN, select the appropriate VPN user profile as described above.