bSecure Remote Access VPN

bSecure Remote Access VPN

bsecure/globalprotect VPN

The bSecure Remote Access VPN (Virtual Private Network) service, using the Palo Alto Networks’ GlobalProtect software, allows CalNet ID–authenticated users to securely access the UC Berkeley network from outside of campus as if they were on campus and encrypts the information sent through the network.

  • Split Tunnel is the default and is used to allow users to access on-campus resources. When using the split tunnel option, any traffic meant for destinations on campus will go through the GlobalProtect client and VPN tunnel. However, traffic meant for other sites like Google will not use the VPN tunnel.
  • Full Tunnel (listed as “Library Access and Full Tunnel”) directs all traffic, regardless of the destination, through the GlobalProtect client and VPN tunnel.  All client traffic is routed through the campus network with an IP address associated with the campus. This is most commonly used if you are accessing a resource that is licensed for UC Berkeley, such as journals licensed through the library only for campus users.
  • Restricted Tunnel is a future service that will be limited to people people that need access to sensitive systems and data.  It will have increased monitoring, and will utilize many of the advanced security features of the Palo Alto Networks firewalls.

The bSecure VPN service is a collaboration between Network Operations and Information Security and Policy.

How to Get Started

Self Service for Managed Desktops

If your computer has the managed Berkeley Desktop for Windows or macOS, you can install the "GlobalProtect VPN" from Big Fix (for Windows) or the Self Service application (for macOS) on your computer.

Software Downloads for Non-Managed/Personal Machines

If you have admin access to your computer, you can download and install the software yourself: Download GlobalProtect Software . If you use a screen reader or use the native GlobalProtect client on ChromeOS, you may want to use this alternative portal. If you're not sure, contact your department's IT support for help. 

Installation Instructions:

Note: If the GlobalProtect icon is not visible you can open a dialog window using the "globalprotect launch-ui" command in a shell/terminal window in v5.1.1 or newer.

If you need support please email ITCS at:


  • Students
  • Staff
  • Faculty


No direct user costs.