1

Virtual Private Network (VPN)

Frequently Asked Questions
PLEASE NOTE: This is a living document and will be updated
regularly
Contents
1

Glossary..........................................................................................................................3

Supported Client Platforms.............................................................................................3

2.1

What operating systems does F5 VPN support..........................................................3

Generic Questions...........................................................................................................3
3.1

Where are the locations I can connect to?.................................................................3

3.2

VPN Tokens.................................................................................................................4

3.2.1 What types of Tokens are there?..........................................................................4

3.2.2 What is a Hard Token?..........................................................................................4
3.2.3 What is a Soft Token?...........................................................................................4
3.2.4 What is a Mobile Soft Token?................................................................................4
3.2.5 Where can I request a Token?..............................................................................4
3.2.6 Why PIN+Token authentication over SSO Password and Certificates?.................6
3.3

Connections...............................................................................................................6

3.3.1 What is the Timeout length on my connection?...................................................6

3.3.2 How many devices can I use on the VPN at the same time? (Concurrent
Connections)...................................................................................................................6
3.3.3 Do I have to be a Local Administrator to connect to the VPN?.............................6
3.3.4 Why does my RDP connection fail?......................................................................6
3.3.5 Why has it taken me straight to a specific gateway?...........................................7
3.4

Browsers Issues.........................................................................................................7

3.4.1 Closing my browser closes my connection. Why?................................................7

3.4.2 Why does the webtop appear in a new tab?........................................................7
3.5

Support Processes......................................................................................................8

3.5.1 I am having issues with the VPN. Who do I speak to?..........................................8

3.5.2 How do I raise a ticket?........................................................................................8
3.6

Non-GE Managed Devices..........................................................................................8

3.6.1 Can I use the VPN from my personal device?.......................................................8

3.7

Legacy VPN................................................................................................................9

2
3.7.1 Can I still access the Juniper VPN when we have migrated to F5?.......................9
3.7.2 When will Juniper VPN be decommissioned?........................................................9
4

Device Type and Connections.......................................................................................10

4.1

What devices and operating systems are supported with the VPN connection?......10

4.2

How do I connect using a Windows Device?............................................................10

4.2.1 Installing the Client............................................................................................10

4.2.2 Connecting to the VPN.......................................................................................11

4.3

How do I connect using a Device running Apple Mac OSX?.....................................16

4.4

iOS Device (for iPhone/iPad)?...................................................................................18

4.5

What prerequisites do I need for the Mobile VPN?...................................................19

4.6

I have a blackberry can I connect to the VPN?......................................................19

Other Features..............................................................................................................20
5.1

What is the Restricted Webtop?...............................................................................20

5.2

Why have I been granted a restricted Webtop?.......................................................20

5.3

Can I connect to my work computer through Remote Desktop?..............................20

Common Issues and Resolutions...................................................................................20

1 Glossary
VPN

Virtual Private Network a way to access the internal GE network while being offsite.
iOS
Apples mobile operating system for the iPhone, iPad and iPod touch
F5
Vendor for the VPN solution
RDP

Remote Desktop Connection remotely access your computer from home.

Mac OSX

The Operating System which runs on a MacBook Pro, MacBook Air and on a Mac Mini;
the latest stable release is named Mountain Lion.
3 Dot network

Another name of the internal GE network named after the IP address range GE owns
(3.X.X.X)

2 Supported Client Platforms

2.1 What operating systems does F5 VPN support
Microsoft Windows

Mac OSX

Linux

32-bit Windows XP SP3;

32-bit/64-bit Windows Vista
SP2;
32-bit/64-bit Windows 7 SP1;
Windows 8;

Apple OS X
10.8.x; Apple OS
X 10.7.x

Not Supported

IE7, IE8, IE9, IE10, Firefox or

Chrome
Only 32-bit browsers are
supported

Firefox 21, Safari 5.x,

Safari 6 or Chrome
27

Mobile
Devices
Apple iOS
versions 5, 6, &
7

3 Generic Questions
3.1 Where are the locations I can connect to?
There are currently 8 VPN locations split across Americas, EMEA and ASPAC poles. The
specific locations are as follows:
Americas
Cincinnati
Alpharetta
EMEA
Amsterdam

4
London
ASPAC
Bangalore (unavailable to Aviation/Energy Business users)
Shanghai
Singapore
Sydney

3.2 VPN Tokens

3.2.1

What types of Tokens are there?

There are 3 different tokens which can be issued to you. These are: Hard, Soft and Mobile
tokens. These are used for gaining access to the GE network using your PIN+Token
combination by creating a 6 digit code every 60 seconds.

3.2.2

What is a Hard Token?

A hard token is a physical token issued by GE which creates a

token every 60 seconds. The screen will display the 6 digit code
which, combined with your pin, will grant you access to the VPN.
Also, on the left hand side of the screen are bars that indicate
10-second intervals that the code is valid for. If there are no bars
visible, it means that the displayed code will expire in less than
10 seconds. Please wait until the token has refreshed before
trying to log in

3.2.3

What is a Soft Token?

A soft token is a software based issuer of the code which you can access on your
computer, which differs substantially from the hard token. With the software token, you
enter your pin within the RSA software and press Enter.
From that process you will receive an 8 character passcode
which is copied (by using the Copy button) and pasted into the
Pin+Token field using the CTRL+ v key combination.
Note: This is your Pin+Token and it is only valid for 60 seconds,
so please copy and paste it immediately. There are disappearing blocks at the
bottom of the passcode window. When the last one disappears. Your token will expire in
less than 6 seconds please wait for the pin prompt and generate a new passcode

following the steps above.

3.2.4

What is a Mobile Soft Token?

The mobile soft token is an application for iOS which allows you to have access to the RSA
Token from your mobile. It is very similar to a soft token, but is available to you without
having your work computer with you.

3.2.5

Where can I request a Token?

All tokens are available to request on the Identity Manager website (https://idm.ge.com)

Please make your way to the IdM site, and you should have your standard panel of
options. Please click on Accounts & Devices

When you find yourself on the page named manage your personal accounts please
click on Need Accounts / Access? Click here to request. Also you can see what
devices which you have registered with your account.

From this page you can request the different types of token you may require. For a Hard
Token or a Mobile Token, please click on the link named SecurID Token-request for all
RSA hardware and software tokens. For Soft Tokens, please click the link Soft Token
Request at the bottom of the list.
o When clicking on SecurID Token-request for all RSA hardware and software
tokens, youll be given several options from which you can choose from. Please
choose the one most relevant to you, fill in the form and submit
o When clicking on the Soft Token Request link, workflow forms will pop up in a
different window. Please fill in this form and submit.

3.2.6
Why PIN+Token authentication over SSO Password and
Certificates?
During Proof of Concept, we used SSO passwords and the certificates on the device.
However, feedback from of the Business Unit leaders was they were uncomfortable
utilizing an email certificate as the 2 factor authentication and want to still leverage
PIN+Token technique for security reasons. In the long-term, with the development of the
PKI and DRP solutions for Mac/PC we will evolve into not needing PIN+Token and utilizing
device certificates and SSO password for VPN access.

3.3 Connections
3.3.1

What is the Timeout length on my connection?

The timeout is 48 hours, similar to the Juniper solution we are running currently. There is
also an Idle timeout set at 4 hours, which if you away for that amount of time with your
VPN connection still on, your connection will automatically connect without the need for
credentials.

3.3.2
How many devices can I use on the VPN at the same time?
(Concurrent Connections)
For F5 VPN there is currently no limit to the number of devices you can connect at one.
This differs from Juniper VPN where you were able to use one device per site you are
connected to.

3.3.3

Do I have to be a Local Administrator to connect to the VPN?

No. Local and Non-local administrators can connect to F5 VPN from a GE managed device.

3.3.4

Why does my RDP connection fail?

Your RDP connection fails to show or connect when youve used the short name for the
computer. However, this can cause issues or where the connection looks for the computer.
To solve this, you can either enter the IP address of the device or use the Fully Qualified
Domain name (FQDN). To find the FQDN you will have to follow the steps below
Windows XP
1. From the start button, rick click on My Computer and choose Properties
2. Click on the Computer Name tab
3. The FQDN can be found under the Full Computer Name property.
Windows 7/8
1. From the start button, find the Computer listing and right click and choose
Properties
2. A new popup will show giving basic information about your computer. Scroll down to
Computer Name, domain and WorkGroup settings
3. The FQDN is the Full Computer Name property.

3.3.5

Why has it taken me straight to a specific gateway?

When connecting to https://ras.connectge.com, the server checks where you are in the
world through several factors, such as IP address and headers from the browser. From
there it makes an educated guess which gateway is closer to you, and therefore you
experience a quicker connection to the GE network. This is a lot more efficient than the
legacy VPN, which pointed to a gateway which is associated with your SSO!

8
However, if you would like to choose a more specific server, you can choose your location
when logging in by selecting the desired location from the dropdown box. When selecting
the new location, it will point you to a different URL and you might lose any data youve
inserted into the SSO and PIN+Token fields.

3.4 Browsers Issues

3.4.1

Closing my browser closes my connection. Why?

When connecting to F5 VPN through your browser, the connection is dependent upon the
browser limiting the need for a client to be installed on each machine, while giving
access to more advanced features such as RDP. However, if you do close your browser
session, youll lose your connection, but there are alerts which will appear if you do try.

3.4.2

Why does the webtop appear in a new tab?

This is where youve got a setting in your browser to open up all new windows in a tab in
the same window. This can cause problems for the F5 software running on your computer
when it tries to minimize it to the tray. To get around this issue, you will have to uncheck
this option on your settings.
Internet Explorer

1. In the main browser window, please head to Tools -> Internet Options
2. In the subsection named Tabs please click the button marked Settings

3. In the section named When a pop-up in encountered please select Let Internet
Explorer decide how pop-ups should open.

4. Click Ok and then Apply for the changes to take effect.

3.5 Support Processes

3.5.1

I am having issues with the VPN. Who do I speak to?

You can raise a ticket with the Helpdesk (http://helpdesk.ge.com). For more
information about the process to raise a ticket, please navigate to How do I raise a
ticket?

3.5.2

How do I raise a ticket?

There are three different ways to contact the Helpdesk; these are: Phone, Click-to-Chat and
submitting a web ticket. For the latter two, you can find business specific helpdesks at
https://helpdesk.ge.com, or by ringing 3777 (+1 513 774 5380) from your phone.

3.6 Non-GE Managed Devices

3.6.1

Can I use the VPN from my personal device?

Yes, but limited access to the GE network (GE approved contractors are exempt from these
restrictions), including applications such as:
Webmail
Support Central
Remote Desktop Connection (RDP)
To take advantage of this feature, please head to http://ras.connectge.com/ from your
preferred browser and login as you would with a work computer.
PLEASE NOTE: Trying to install and connect using the GE Remote Access Client from a
home machine will not work. Please use the method mentioned above to connect.

3.7 Legacy VPN

3.7.1

Can I still access the Juniper VPN when we have migrated to F5?

The Juniper environment is going to be run in parallel to the F5 migration initially and users
will have access to this. Users can also rollback to their old VPN service whilst we
remediate any issues. Businesses will only incur a single charge even if users access both
services during the same month.

10

3.7.2

When will Juniper VPN be decommissioned?

Juniper concentrators will be decommissioned starting May 2014.

11

4 Device Type and Connections

4.1 What devices and operating systems are supported with the VPN
connection?
The devices and operating systems which are supported with the VPN is the same as what
GE supports as a business. These include:

Windows 7
Windows 8
Windows XP
o Note: XP is now End of Life, and will not be available from 8th April 2014
Mac OSX
Apple iOS 5, 6 & 7 (for iPhone and iPad)

4.2 How do I connect using a Windows Device?

PLEASE NOTE: If your icon on the desktop is the same as the one shown
on the right hand side, and NOT a F5 ball, please follow the instructions
below to install the pre-requisites for the F5 VPN. This only needs to be
installed once!

4.2.1

Installing the Client

For GE managed devices; To download the F5 client, you will have to go to your local
application catalog (CA/AppDepot/other) to download the package. The package name is
F5 Networks Remote Access Client 11.4
For non-GE managed devices, the client software can be downloaded here

12
When installed, it will alert you to click yes to acknowledge the successful completion of
the software.

4.2.2

Connecting to the VPN

4.2.2.1
Client
From your desktop, please double click on the F5 ball named Remote Access (pictured
below)

This will open up a client which looks similar to the picture below. To start the connection
please click the connect button

After a couple of seconds a popup will appear with a SSO + PIN+TOKEN boxes to insert
your credentials. You are also able to change gateway by clicking on a dropdown box. After
youve added your credentials please press Login to start the tunnel.

13
This prompt will disappear and the original dialog will appear while it goes through the
stages to connect. After a couple of seconds it should show Connected and you are able
to see some data being transferred

You will also see the F5 ball in the taskbar. This is where you can retrieve the dialog when
it has been minimized as well as gain more advanced options to the client.

Right clicking on the F5 ball will give you the following options.

14

4.2.2.2
Webtop
From your preferred browser, please navigate to https://ras.connectge.com
This will open up the closest gateway to your geographical location. From there, enter your
SSO and PIN+Token and click Login. If your credentials are incorrect, it will come back to
the same page with an error message.

When logged in, it will go through a several host checks and then points you to the
webtop.

15

From here, you are able to access internal sites such as Support Central and Webmail
without creating a tunnel.
Click on the GE Network Access button. This will bring up a new small window.

This new window will go through several steps which will finish with creating a secure
connection to the GE internal network and minimize the window down to the tray.

16

To disconnect from the VPN, you will need to double click on the icon in the tray and click
disconnect.

You will also be alerted when closing down the webtop if you would like to disconnect from
the VPN.

And you will get a similar popup when closing the connection window.

17

4.3 How do I connect using a Device running Apple Mac OSX?

For GE managed Mac OSX machines, users can follow the below instructions to install from
the GE AppMarket.
For Non-GE managed Mac OSX machines, users can navigate to https://ras.connectge.com
from Safari, Firefox, or Chrome.
To start, please click on the GE Monogram at the top of the screen and click GE
AppMarket

Find the package F5 VPN Client on the AppMarket and go through the steps to install it.

18

Once installed, the Remote Access button under the GE Monogram on the top bar will
have changed to an F5 ball instead of the Junipers padlock. To start up the application,
please click on that option.

You will be presented with a new icon on the top bar and also a new window. To start the
connection, please click Connect.

The window will update with a shrunk webpage which will ask you for your pin and token,
similar to what you would see when accessing the site from a common browser. Insert your

19
details in and click submit. Depending on if your credentials are correct, you will either
be presented with an error message or a new screen.

Once you have been authenticated, the screen will change to a graph paper. From here,
the application will go through the steps to create the tunnel.

Once the tunnel has been created, the window will minimize to the dock and
Upstream/Downstream data will be updated on the icon in the top bar.

20

To disconnect from the VPN, all you will have to do is click on the icon on the top bar and
click disconnect.

4.4 iOS Device (for iPhone/iPad)?

Note: There are several prerequisites before you can connect to the F5 VPN. More
information can be found in the section below labeled What perquisites do I need for
Mobile VPN
To connect successfully to the F5 Mobile VPN, you will need to download the F5 Edge
Client from the app store. For more information and instructions, please click here.

4.5 What prerequisites do I need for the Mobile VPN?

There are certain prerequisites before you can use the VPN.
Must be registered for a Mobile VPN account
An iOS device running
A device that is AirWatch enrolled
F5 Profile (this can be downloaded from www.ge.com/app?f5)
F5 EDGE client app installed
Below you can find instructions on how you would go about enrolling yourself in the
AirWatch program:
How to register for a VPN account
Getting started with Airwatch
Connecting to the F5 VPN

4.6 I have a blackberry can I connect to the VPN?

Due to the way that the blackberry device is run in GE, they already have full access to the
GE internal network without the need to connect to the VPN!

21

5 Other Features
5.1 What is the Restricted Webtop?
The restricted webtop is a landing page to the GE network where you have limited access
to certain features and applications on the GE Network. These include:
Webmail
Support Central
Remote Desktop Connection

5.2 Why have I been granted a restricted Webtop?

You have either tried to access the VPN through a Non-GE managed device, or have failed
the host check on your machine. If you have experienced this on a GE managed device the
please contact the helpdesk or your business managed helpdesk.

5.3 Can I connect to my work computer through Remote Desktop?

You are able to connect to your work computer if it satisfies the following criteria: The work
machine is on and connected to the GE Network; is registered on Identity Manager
(https://idm.ge.com) and have a computer which can access the VPN connection.

6 Common Issues and Resolutions

Issue
When I minimize my RDP
window when maximized, I
am unable to maximize the
window again?

I have the Chrome plugin

installed but it
s telling me that it is not?

Resolution
To maximize the window again, please use the following
keyboard shortcuts:
Windows:
Desktop keyboard: Please press CTRL + ALT +
Pause/Break key
Laptop keyboard: Please press CTRL + ALT + FN +
ESC
Mac:
Please press CMD + 2
This is an issue where the F5 updates itself with the
plugin and therefore needs a new installation of the
plugin to continue. Please head to chrome://extensions
and remove the plugin, and follow the steps provided in
the error message to download again.