Note: This article describes how to use GlobalProtect VPN on macOS 10.14 Mojave or later. However, if you have macOS 10.15 Catalina or newer installed, we recommend that you instead use the GlobalProtect VPN client.

Some Amherst College resources and services require that your computer have an on-campus Internet address in order to use them. If you are off campus, you can use a Virtual Private Networking (VPN) connection in order to appear as if you were on campus and access those resources and services.

This article describes how to set up the GlobalProtect VPN service on a Macintosh computer using the macOS VPN framework for its connections, which allows it to work with macOS 10.14 Mojave. The Global Protect client available for newer versions of macOS does not work on Mojave. Ideally one will upgrade to a newer version of macOS, as Mojave is nearing its end-of-support, but that may not always be feasible. The GlobalProtect client may also have occasional issues on new versions of macOS, and this method provides an alternative.


  1. GlobalProtect connections require two-factor authentication using Duo, and for this purpose it must use your preferred smartphone. If you are already challenged on your phone immediately after entering your password, you’re all set. Otherwise, the Mac’s VPN framework doesn’t know how to prompt you for the method to respond, nor is there a way to enter a token from a key fob if you happen to be using that method. Visit this page for instructions on how to set your default Duo device.
  2. Make sure you have a network connection and that you can access the Internet.
  3. From the menu  Apple, select the menu item System Preferences….
  4. In the window System Preferences, click on the icon Network.
  5. Now in the window Network, to make changes to the network settings you may need to click on the icon Lock. In this case you will be prompted to enter an administrator password for your Mac. 
  6. To add a new VPN connection, click on the button + in the lower left corner of the window.
  7. The dialog Select the interface and enter a name for the new service now appears:
    1. In the menu Interface:, select the menu item VPN;
    2. In the menu VPN Type:, select the menu item Cisco IPSec;
    3. In the text field Service Name:, type a distinct name such as Amherst College (GlobalProtect).
    4. Click the button Create to continue.
  8. Back in the window Network, you will see your new VPN service listed and selected. Then:
    1. In the text field Server Address:, type;
    2. In the text field Account Name:, type your Amherst username;
    3. In the text field Password:, type your Amherst password;
  9. Click the button Authentication Settings…. In the dialog Machine Authentication:
    1. In the text field Shared Secret:, type amherstvpn.
    2. In the text field Group Name:, type amherstvpn.
    3. Click the button OK to continue.
  10. Click the button Advanced…. In the dialog Wi-Fi:
    1. Click on the tab DNS.
    2. Under the box DNS Servers:, click the button +.
    3. In the box DNS Servers: type in the IP address
    4. Under the box DNS Servers:, again click the button +.
    5. In the box DNS Servers: type in the IP address
    6. Under the box Search Domains:, click the button +.
    7. Click in the box Search Domains:, and type in the domain
    8. Click the button OK to continue.
  11. Click on the checkbox Show VPN status in menu bar.
  12. Click the button Apply to continue.
  13. In the menu bar, the icon 
     for VPN should now be visible.
    1. To connect or disconnect VPN without opening the Network System Preferences, click on
       and then select the menu item for the VPN service you just created.
    2. When you are connected to VPN, the icon
       does not provide any obvious indication of this status. It’s therefore a good idea to click on
       and select the menu item Show Time Connected, which goes away once you disconnect.

Please disconnect from VPN when you are no longer using it to connect to Amherst systems.


five college