VPN installation manual Authentication system for Remote Access Microdata (Version for Mac)
Version 1.0
Introduction In order to use the CBS Remote Access Microdata service, a VPN connection is necessary. This requires a special VPN client that uses a strict client policy. This document describes the steps that must be taken to install the required VPN client on a Mac device.
2
Index
1. Installation preparation 3
2. Installation of the VPN 4
3. Settings for new VPN 9
4. Establishing the VPN connection 13
5. Troubleshooting 15
3
1. Installation preparation
The system that is used to set up the VPN client must meet the following requirements.
System requirements
Operating system Mac OS CPU At least 1 CPU Core Memory At least 1 GB Free disk space 200 MB Internet browser Modern browser
Required Internet Connectivity
Below traffic to microdatavpn.cbs.nl (87.213.43.236) IPSEC and IKE (UDP on port 500) FW1_scv_keep_alive (UDP port 18233) HTTPS (TCP 443)
Note: If a Checkpoint VPN client has already been installed on this system, it must be removed first.
4
2. Installation of the VPN
Open an Internet browser and download the Checkpoint VPN client (Mac version) from this address: https://www.checkpoint.com/products/remote-access-vpn/. Click on Download.
Double-click the icon below on the desktop.
5
A new window will open. Here, click on Endpoint_Security_VPN.pkg.
Click on Ga door (continue).
6
Click at Softwarelicentieovereenkomst (license agreement) on Ga door (continue).
And then on Akkoord (agree).
7
Now click on Installeer (install) and the installation will be executed.
A message will appear that the mac system password should be entered. After that, click on Installeer (install)
8
When the installation is succesful, the following message will appear. Click on Sluit (close).
9
3. Settings for new VPN
First the settings for the new VPN connection should be made. Click on the lock icon in the upper task bar and an options window will appear. Choose VPN Options.
Then choose New.
10
The Site Wizard will start and click on Next.
Type in the Server address. This is microdatavpn.cbs.nl. To continue, click Next.
11
Confirm that it is a trusted site. Click on Trust and Continue.
The authentication method should be set. Choose SecurID and click Next to confirm your choice.
12
At SecurID Authentication choose Use Key FOB hard token. Click Next to confirm.
The message will appear that the VPN site was created successfully. Click on Finish.
13
4. Establishing the VPN connection
To establish the VPN connection click on the lock icon in the upper taskbar. Choose Connect in the options window.
The following window will appear:
1. At the xxxx in Username enter the characters that you can find in the user statement
Remote Access token that you received from us (e.g. [email protected]).
2. Then, at PIN you enter the VPN PIN code which you received by email.
3. As a final step in establishing the VPN connection, the 6-digit Token code must be
entered. See picture below:
14
When logging in for the first time it is possible that the message “Connection Failed” will appear. The reason for this is that there is no active VPN policy on the desktop yet. By logging in again, this message will no longer be displayed. If the VPN connection is successfully established the below messages will appear.
At this point, you will only be able to connect to the site https://microdata.cbs.nl. All other Internet addresses have been blocked.
To disconnect the VPN, click on the Checkpoint VPN icon in the taskbar and select Disconnect.
15
5. Troubleshooting
Installation failed It is possible that the installation has failed.
Go to systeemvoorkeuren (system preferences) to allow the installation. Click on Beveiliging en privacy (Security and privacy).
16
Click here to allow the installation and continue the installation as described in chapter 2
It is possible that the Citrix viewer does not start after opening an application via the web interface. This problem is easily solved by turning off the WiFi and turning it on a few seconds later. After re-connecting the Citrix session will open.
17
Establishing VPN connection has failed After installation of the VPN client, it is possible that establishing the VPN connection fails.
This is due to the firewall. The VPN client expects the firewall to have been turned on.
Go to systeemvoorkeuren (system preferences) to turn on the firewall. Click on Beveiliging en privacy.
18
Under the Firewall tab, click on the lock icon in the lower left corner to adjust the settings
A message may appear that the mac-system password must be entered. After that, click on Ontgrendel (unlock).
19
Click Under the Firewall tab, click on Firewallopties (firewall options) to enable the firewall
Click on the+ sign and add Endpoint Security VPN.
Click OK to confirm.
20
Use the tab Algemeen (general) and click on Sta toe (allow)
The Firewall is now suitable for the VPN software and you can establish the VPN connection d as described in chapter 4.