The SMPH Networking and Security group has set up a new GlobalProtect VPN portal for SMPH employees. It is our goal to have all SMPH employees transition to using smph.vpn.wisc.edu for their VPN needs. There are no action items required by you at this time. If interested, below are the technical reasons why we are making this change.
The new SMPH VPN portal has greater security controls, which enhance the protections for securing SMPH data. These include Multifactor Authentication via DUO as well as additional host checking, which verifies that the device connecting to the portal is patched, is running anti-virus, and complies with minimum security standards. Eventually, once all of SMPH has transitioned to using the new portal, SMPH resources will only be accessible via this portal, resulting in increased security for SMPH data and resources. SMPH IT will transition our supported groups in the new year by pushing it out, or you can get a jump start by using the links below.
PC Instructions for accessing smph.vpn.wisc.edu: https://confluence.med.wisc.edu/x/A4OdAw
Mac Instructions for accessing smph.vpn.wisc.edu: https://confluence.med.wisc.edu/x/3IKdAw
The benefits of using SMPH VPN include but are not limited to:
- Access to specific UW Health resources (if the user has UWH credentials and has been provisioned access), such as UWH Citrix applications (e.g., Healthlink) and other services (e.g., uConnect, ServiceNow).
- End-to-end visibility and security for VPN connections. The SMPH VPN context is part of the larger UW Madison Palo Alto (PA) infrastructure, which allows SMPH to inherit all the enterprise-level logging and monitoring available to us from the campus Cybersecurity Operations Center (CSOC) for this service.
- Higher speed/bandwidth than WiscVPN as it’s on this end of campus.
- Additional security controls: a common set of security controls is enforced on any device that connects. These security controls include things like Host Information Protocol (HIP) checks and Multifactor Authentication (MFA) via DUO.
- The security controls which are in place today on the SMPH VPN allow us to be reasonably certain that the user is who they say they are (via MFA) and that the device the user is using to connect is managed to a minimum standard (via HIP checks).
- This setup also allows SMPH departments to have their own internal IP ranges when devices connect to the SMPH VPN, for use in individual departmental firewall configurations, while also providing a common set of external campus IPs via Network Address Translation (NAT) for any connections to UW Health or other entities outside of the UW Madison IP space. This set of campus IPs is fully separate from any current SMPH departmental IP range, so we can avoid any overlap with existing firewall rules for “trusted wired networks” that might exist today for devices which are considered to be coming from onsite connections at SMPH locations.