GlobalProtect VPN client

Your VPN enables a secure connection between your computer and resources on your Relativity instance's network. The following resources are available when you connect to the GlobalProtect VPN client:

For Sandbox environments, you can access the following back end resources via the VPN:

GlobalProtect VPN requirements

Consider the following local machine requirements:

  • Refer to the GlobalProtect compatibility matrix to ensure that the VPN client is compatible with your operating system.
  • For RelativityOne, you should be using GlobalProtect 4.1 and above.
  • The VPN software, Global Protect, must be installed locally. This needs to be done under a Local Administrator account. It is possible to install GlobalProtect with group policy as an active directory admin.

Note: Without local administrator, or the ability to install via group policy, you will be unable to install the GlobalProtect client.

Port requirements

The following ports must be opened on user machines and/or firewalls for the GlobalProtect VPN to use when accessing file data in RelativityOne.

Destination Port Protocol Description
443 TCP Used for communication between GlobalProtect agents and portals, or GlobalProtect agents and gateways and for SSL tunnel connections. GlobalProtect gateways also use this port to collect host information from GlobalProtect agents and perform host information profile (HIP) checks.
4501 UDP Used for Global Protect VPN or IPSec tunnel connections between GlobalProtect agents and gateways.

See RelativityOne network access in the RelativityOne technical overview. for complete information on network access requirements.

Current VPN portal URL

There are different geographic data centers that your Relativity instance or sandbox may reside in. Enter the VPN portal URL as it appears below.

Note: Microsoft has renamed Azure Active Directory (Azure AD) to Microsoft Entra ID. This site has been updated to reflect the name change, where applicable. Refer to Microsoft documentation for more information.

The IP addresses listed below are for both VPN and regular, non-VPN, access.

All VPN portal URL are formatted as vpn.[regional domain].relativity.one

Note: VPN portal URL are only accessed when connecting to your Utility Server or Direct SQL via the VPN. See Accessing the RelativityOne backend (custom reporting, application dev, data manipulation).

Primary Azure/Entra ID region VPN Portal URL
US-Central (CTUS) vpn.ctus.relativity.one
US-East (ESUS) vpn.esus.relativity.one
Canada-Central (CACT) vpn.cact.relativity.one
UK-South (UKSO) vpn.ukso.relativity.one
Asia-East (ESAS) vpn.esas.relativity.one
Brazil-South (BRSO) vpn.brso.relativity.one
Europe-West (WSEU) vpn.wseu.relativity.one
France - Central (FRCT) vpn.frct.relativity.one
Germany-West Central (DECT) vpn.dect.relativity.one
Switzerland North (CHNO) vpn.chno.relativity.one
Australia-East (AUEA) vpn.auea.relativity.one
Korea-Central (KRCT) vpn.krct.relativity.one
United Arab Emirates (AENO) vpn.aeno.relativity.one
India (INCT) vpn.inct.relativity.one
Ireland (NOEU) vpn.noeu.relativity.one
South Africa (ZANO) vpn.zano.relativity.one
Southeast Asia (SEAS) vpn.seas.relativity.one
Japan (JPES) vpn.jpes.relativity.one
Legacy Sandboxes vpn.ctussbx.relativity.one

Accepting the invitation from Microsoft Entra ID

  1. Customer Support will issue an invitation from Microsoft Active Directory with the following information:
  2. Click on the Accept Invitation link in the email.
    • If your organization does not use Active Directory, please continue with the prompts to complete creating the Microsoft account.
    • If your organization has Active Directory, your account will be connected automatically.
  3. Your account creation is complete when you log in to Azure/Entra ID Portal.
  4. Proceed to Downloading and installing the GlobalProtect VPN client to install the GlobalProtect VPN client.

Downloading and installing the GlobalProtect VPN client

Note: You must have local admin rights to install the VPN client. If you are not a local admin, contact your IT department to install it via Group Policy. Instructions for installing the client via Group Policy are found at https://live.paloaltonetworks.com/t5/Management-Articles/Using-Active-Directory-GPO-to-Install-the-GlobalProtect-Client/ta-p/61120.

Your VPN connection is typically created during the onboarding process for RelativityOne. If you have questions, please contact your designated Customer Success Manager.

Note: To download and re-install the VPN client, follow the following instructions, but skip the steps related to resetting your password.

  1. Navigate to the portal for the geographic region you use RelativityOne in. The correct portal address for you to use can be found in the table listed under Current VPN portal URL section above.
  2. In the Microsoft Pick an account prompt, click the Use another account option.
  3. Enter your own credentials.
    Microsoft credentials for sign in
  1. Once you are logged in, download the appropriate VPN client to your computer.
    Global protect portal download screen
  1. Install the GlobalProtect VPN client you just downloaded. Follow the default prompts.

Note: If you are using macOS and are unable to use GlobalProtect after installing, review the General tab in your Security and Privacy settings and ensure that system software from PanGPS is not blocked from loading.

Logging in using your GlobalProtect VPN client

  1. After installing the VPN client, the GlobalProtect toolbar menu will open. If it does not open automatically, you can search for GlobalProtect in the bottom left-hand search bar to open it.
    Global protect icon on machine
  1. Click the gear icon in the upper right-hand corner of the toolbar menu, and then select Settings to access the Settings dialog window and configure the VPN client.
    Welcome to Global Protect connection screen
  2. Under the General tab, click the Add button to add the RelativityOne Portal Address. Ensure you enter the correct portal. This depends on which geographic region your RelativityOne instance resides in. You should not enter the "http://" preceding the portal address.
    Enter portal address
  1. Click Save.
  2. Close the Settings dialog.
  3. Click on the GlobalProtect icon in your tray, and then click the blue Connect button. A pop-up window for reviewing permissions displays.
  4. After reviewing the terms, click Accept.
    Review permissions screen
  1. A prompt for your VPN user credentials displays. Choose the appropriate VPN user credentials to sign in with in the Microsoft Pick an account screen. This prompt might appear twice depending on your organization’s settings. A window will display momentarily while you are connected to the VPN.
    Pick a Microstoft account
  2. If the GlobalProtect warning displayed below appears, dismiss the window. This is a known issue with the GlobalProtect client itself and will be addressed in future versions.
    Global Protect warning window - unreliable network
  1. Check your connection status by viewing the GlobalProtect icon in your system tray. When connected, it will display a check mark.
    Global Protect icon displaying connection with check mark

You can click the gear icon, then select Settings to launch the Settings dialog which also shows your connection status. You can perform troubleshooting from this window.

Global Protect settings window for troubleshooting

Changing your VPN password

If you are using VPN user credentials that are based on a real email address, not the firstname.last@vpn.relativity.one legacy VPN credentials, the password reset policies are determined either by you or the overall corporation in which your email exists. Please make sure to check with your IT department on how to change your password as Relativity will no longer have any control over performing a password reset for your VPN user.

To change your expiring or expired passwords, perform the following steps:

Note: If you are already logged into Microsoft at your organization, you may need to open a private browsing window in your internet browser, incognito or InPrivate, and access https://login.microsoftonline.com from there or log out and log back in with the correct credentials. If you do not do this, you will not be prompted to change your temporary password or may receive an error when you try to log out and then log back in.

  1. Access https://login.microsoftonline.com. Log in using your Relativity credentials.
  2. Change your password by access your account settings in the upper right corner menu containing your initials by clicking View Account, and then clicking Change Password in the Password tile to change your password. You will be redirected to new password form. Please enter your old, expired, password and new one, and then click Submit.

Note: After changing your password, you must wait 30 minutes before attempting to log in with your new password.

Adding an additional VPN region to GlobalProtect

This guide will show you how to connect to RelativityOne in an additional region. If you need Utility Server details, please contact your Customer Success Manager.

To add an additional VPN region to your client:

  1. Search for GlobalProtect icon in the task bar to open it.
  1. Click the gear icon in the upper right-hand corner of the toolbar menu, and then select Settings to access the Settings dialog window.
  2. Under the General tab, click the Add button to add the new RelativityOne portal URL in Portal Address.
  1. Click Save.
  2. Close the Settings dialog.
  3. Click on the GlobalProtect icon in your tray.
  4. Select the newly added Portal from the drop-down menu on the GlobalProtect connection screen.
    Portal drop-down on Global Protect connect screen
  1. Click the blue Connect button. A prompt for your VPN user credentials displays.
  1. Enter your VPN user credentials. A window will display momentarily while you are connected to the VPN for the new URL.