Skip to main content Skip to navigation
Washington State University
Information Technology Services

Installing GlobalProtect VPN – Windows

Starting in mid-March, ITS will be adding Okta Multifactor Authentication (MFA) to its general VPN portals. This will change the way that users log in to the VPN. Here is what to expect when the change occurs.

Download Client

The latest client is available from the VPN portal. Use https with a web browser to connect to

  • Login with WSU AD credentials.
  • No need for additional prefixes or suffixes.
  • Example: will only need username john.smith

Paloalto Login Screen

After logging in, there will be several installation files available depending on operating system. Select the appropriate file and download it:

GlobalProject Portal

Okta MFA GlobalProtect VPN Login Steps
Once the VPN portal has been updated to require Okta MFA the user experience will change. When the user connected to the VPN, they will instead receive an Okta login page.

global protect

On this page, enter your username and password. If you scroll down on this page, you will see a ‘Remember me’ option. Check this option to have your username saved for future logins. This is recommended.

GlobalProtect destination select

Once a valid credential pair is entered, you will receive a prompt to choose your MFA option. You can use any MFA option that is supported by Okta, including SMS, App Push, Google Authenticator, Security Key, etc. Push notifications with the Okta Verify App are recommended.

global protect destination select

global protect destination select

When selecting Okta Verify Push notifications, it is recommended to select the option ‘Send push automatically’

global protect destination select

While the option ‘Do not challenge me on this device for the next 24 hours’ option may be checked, this option will not have any effect. You will continue to be prompted for multi-factor authentication for every VPN login.

At this point, you should receive a multifactor prompt on your device or be ready to enter a code from a separate multi-factor app.
IOS Prompt

global protect destination select

For technical assistance: Please contact Crimson Service Desk via email, by phone at (509) 335-4357, or online.


4.1.1. Installation Issues
After the install, Global Protect may not open or may not be able to connect to the portal even if the computer is connected to the network. Verify the service pangps is installed and is running. If it is not installed or cannot start, uninstall and reinstall the client (may require elevated permissions).

4.1.2. Operational Issues
If Global Protect is installed and pangps service is running, there may be other potential issues. If the client indicates login issues, this may be due to the account being locked out after too many attempts. Or it could be due to trying to login to a VPN that the user does not have access to.
For other issues, it may be necessary to review the logs on the client machine. The pangps.log can be retrieved from the Global Protect application folder or through the client. On the client, click the settings icon in the upper right corner and then go to the troubleshooting tab. Press the “Collect Logs” button and save the zip file to an easily accessible folder location –

GlobalProtect Troubleshooting