Glossary
Generic Questions
VPN Tokens
Connections
Browser Issues
Support Processes
Legacy VPN
3.7.1 Can I still access the Juniper VPN when we have migrated to F5?
3.7.2 When will Juniper VPN be decommissioned?
What devices and operating systems are supported with the VPN connection?
Other Features
1 Glossary
VPN
Virtual Private Network: a way to access the internal GE network while being offsite.
iOS
Apple's mobile operating system for the iPhone, iPad and iPod touch.
F5
Vendor for the VPN solution.
RDP
Mac OSX
The operating system which runs on a MacBook Pro, MacBook Air and on a Mac Mini;
the latest stable release is named Mountain Lion.
3 Dot network
Another name for the internal GE network, named after the IP address range GE owns
(3.X.X.X).
Mac OSX: Apple OS X 10.8.x; Apple OS X 10.7.x
Linux: Not Supported
Mobile Devices: Apple iOS versions 5, 6 & 7
3 Generic Questions
3.1 Where are the locations I can connect to?
There are currently 8 VPN locations split across Americas, EMEA and ASPAC poles. The
specific locations are as follows:
Americas: Cincinnati, Alpharetta
EMEA: Amsterdam, London
ASPAC: Bangalore (unavailable to Aviation/Energy Business users), Shanghai, Singapore, Sydney
There are 3 different tokens which can be issued to you: Hard, Soft and Mobile tokens.
Each creates a 6-digit code every 60 seconds, which you use in your PIN+Token
combination to gain access to the GE network.
3.2.2
3.2.3
A soft token is a software-based issuer of the code which you can access on your
computer, and it differs substantially from the hard token. With the software token, you
enter your PIN within the RSA software and press Enter.
From that process you will receive an 8-character passcode,
which you copy (by using the Copy button) and paste into the
PIN+Token field using the CTRL+V key combination.
Note: This is your PIN+Token and it is only valid for 60 seconds,
so please copy and paste it immediately. There are disappearing blocks at the
bottom of the passcode window. When the last one disappears, your token will expire in
less than 6 seconds; please wait for the PIN prompt and generate a new passcode.
3.2.4
The mobile soft token is an application for iOS which allows you to have access to the RSA
Token from your mobile. It is very similar to a soft token, but is available to you without
having your work computer with you.
3.2.5
All tokens are available to request on the Identity Manager website (https://idm.ge.com).
Please make your way to the IdM site, where you should have your standard panel of
options. Please click on "Accounts & Devices".
When you find yourself on the page named "manage your personal accounts", please
click on "Need Accounts / Access? Click here to request". You can also see which
devices you have registered with your account.
From this page you can request the different types of token you may require. For a Hard
Token or a Mobile Token, please click on the link named "SecurID Token-request for all
RSA hardware and software tokens". For Soft Tokens, please click the link "Soft Token
Request" at the bottom of the list.
o When clicking on "SecurID Token-request for all RSA hardware and software
tokens", you'll be given several options to choose from. Please
choose the one most relevant to you, fill in the form and submit.
o When clicking on the "Soft Token Request" link, workflow forms will pop up in a
different window. Please fill in this form and submit.
3.2.6 Why PIN+Token authentication over SSO Password and Certificates?
During Proof of Concept, we used SSO passwords and the certificates on the device.
However, feedback from the Business Unit leaders was that they were uncomfortable
utilizing an email certificate as the 2-factor authentication and wanted to still leverage
the PIN+Token technique for security reasons. In the long term, with the development of the
PKI and DRP solutions for Mac/PC, we will evolve into not needing PIN+Token and utilizing
device certificates and SSO password for VPN access.
3.3 Connections
3.3.1
The timeout is 48 hours, similar to the Juniper solution we are running currently. There is
also an idle timeout set at 4 hours: if you are away for that amount of time with your
VPN connection still on, your connection will automatically connect without the need for
credentials.
3.3.2 How many devices can I use on the VPN at the same time? (Concurrent Connections)
For F5 VPN there is currently no limit to the number of devices you can connect at once.
This differs from Juniper VPN, where you were able to use one device per site you were
connected to.
3.3.3
No. Local and Non-local administrators can connect to F5 VPN from a GE managed device.
3.3.4
Your RDP connection can fail to show or connect when you've used the short name for the
computer, because this can cause issues with where the connection looks for the computer.
To solve this, you can either enter the IP address of the device or use the Fully Qualified
Domain Name (FQDN). To find the FQDN, follow the steps below.
Windows XP
1. From the start button, right click on "My Computer" and choose "Properties"
2. Click on the Computer Name tab
3. The FQDN can be found under the Full Computer Name property.
Windows 7/8
1. From the start button, find the Computer listing and right click and choose
Properties
2. A new popup will show giving basic information about your computer. Scroll down to
Computer Name, domain and WorkGroup settings
3. The FQDN is the Full Computer Name property.
3.3.5
When connecting to https://ras.connectge.com, the server checks where you are in the
world through several factors, such as IP address and headers from the browser. From
there it makes an educated guess which gateway is closer to you, and therefore you
experience a quicker connection to the GE network. This is a lot more efficient than the
legacy VPN, which pointed to a gateway which is associated with your SSO!
However, if you would like to choose a more specific server, you can choose your location
when logging in by selecting the desired location from the dropdown box. When selecting
the new location, it will point you to a different URL and you might lose any data you've
inserted into the SSO and PIN+Token fields.
When connecting to F5 VPN through your browser, the connection is dependent upon the
browser, limiting the need for a client to be installed on each machine while giving
access to more advanced features such as RDP. However, if you close your browser
session, you'll lose your connection; alerts will appear if you try to do so.
3.4.2
This happens when you have a setting in your browser to open all new windows in a tab in
the same window. This can cause problems for the F5 software running on your computer
when it tries to minimize the window to the tray. To get around this issue, you will have to
uncheck this option in your settings.
Internet Explorer
1. In the main browser window, please head to Tools -> Internet Options
2. In the subsection named "Tabs", please click the button marked "Settings"
3. In the section named "When a pop-up is encountered", please select "Let Internet
Explorer decide how pop-ups should open".
You can raise a ticket with the Helpdesk (http://helpdesk.ge.com). For more
information about the process to raise a ticket, please navigate to "How do I raise a
ticket?"
3.5.2
There are three different ways to contact the Helpdesk; these are: Phone, Click-to-Chat and
submitting a web ticket. For the latter two, you can find business specific helpdesks at
https://helpdesk.ge.com, or by ringing 3777 (+1 513 774 5380) from your phone.
Yes, but limited access to the GE network (GE approved contractors are exempt from these
restrictions), including applications such as:
Webmail
Support Central
Remote Desktop Connection (RDP)
To take advantage of this feature, please head to http://ras.connectge.com/ from your
preferred browser and login as you would with a work computer.
PLEASE NOTE: Trying to install and connect using the GE Remote Access Client from a
home machine will not work. Please use the method mentioned above to connect.
Can I still access the Juniper VPN when we have migrated to F5?
The Juniper environment is going to be run in parallel to the F5 migration initially and users
will have access to this. Users can also roll back to their old VPN service whilst we
remediate any issues. Businesses will only incur a single charge even if users access both
services during the same month.
3.7.2
Windows 7
Windows 8
Windows XP
o Note: XP is now End of Life, and will not be available from 8th April 2014
Mac OSX
Apple iOS 5, 6 & 7 (for iPhone and iPad)
4.2.1
For GE managed devices: to download the F5 client, you will have to go to your local
application catalog (CA/AppDepot/other) to download the package. The package name is
"F5 Networks Remote Access Client 11.4".
For non-GE managed devices, the client software can be downloaded here
When installed, it will prompt you to click "Yes" to acknowledge the successful installation of
the software.
4.2.2
4.2.2.1 Client
From your desktop, please double click on the F5 ball named "Remote Access" (pictured
below)
This will open up a client which looks similar to the picture below. To start the connection,
please click the "Connect" button.
After a couple of seconds a popup will appear with SSO and PIN+Token boxes in which to insert
your credentials. You are also able to change gateway by clicking on a dropdown box. After
you've added your credentials, please press "Login" to start the tunnel.
This prompt will disappear and the original dialog will appear while it goes through the
stages to connect. After a couple of seconds it should show Connected and you are able
to see some data being transferred
You will also see the F5 ball in the taskbar. This is where you can retrieve the dialog when
it has been minimized as well as gain more advanced options to the client.
Right clicking on the F5 ball will give you the following options.
4.2.2.2 Webtop
From your preferred browser, please navigate to https://ras.connectge.com
This will open up the closest gateway to your geographical location. From there, enter your
SSO and PIN+Token and click Login. If your credentials are incorrect, it will come back to
the same page with an error message.
When logged in, it will go through several host checks and then point you to the
webtop.
From here, you are able to access internal sites such as Support Central and Webmail
without creating a tunnel.
Click on the GE Network Access button. This will bring up a new small window.
This new window will go through several steps which will finish with creating a secure
connection to the GE internal network and minimize the window down to the tray.
To disconnect from the VPN, you will need to double click on the icon in the tray and click
disconnect.
You will also be alerted when closing down the webtop if you would like to disconnect from
the VPN.
And you will get a similar popup when closing the connection window.
Find the package F5 VPN Client on the AppMarket and go through the steps to install it.
Once installed, the "Remote Access" button under the GE Monogram on the top bar will
have changed to an F5 ball instead of the Juniper padlock. To start up the application,
please click on that option.
You will be presented with a new icon on the top bar and also a new window. To start the
connection, please click Connect.
The window will update with a shrunk webpage which will ask you for your PIN and token,
similar to what you would see when accessing the site from a common browser. Insert your
details and click "Submit". Depending on whether your credentials are correct, you will either
be presented with an error message or a new screen.
Once you have been authenticated, the screen will change to a graph paper. From here,
the application will go through the steps to create the tunnel.
Once the tunnel has been created, the window will minimize to the dock and
Upstream/Downstream data will be updated on the icon in the top bar.
To disconnect from the VPN, all you will have to do is click on the icon on the top bar and
click disconnect.
5 Other Features
5.1 What is the Restricted Webtop?
The restricted webtop is a landing page to the GE network where you have limited access
to certain features and applications on the GE Network. These include:
Webmail
Support Central
Remote Desktop Connection
Resolution
To maximize the window again, please use the following keyboard shortcuts:
Windows:
Desktop keyboard: Please press CTRL + ALT + Pause/Break key
Laptop keyboard: Please press CTRL + ALT + FN + ESC
Mac:
Please press CMD + 2
This is an issue where the F5 updates itself with the
plugin and therefore needs a new installation of the
plugin to continue. Please head to chrome://extensions
and remove the plugin, and follow the steps provided in
the error message to download again.