GlobalProtect VPN client

Your VPN enables a secure connection between your computer and resources on your Relativity instance's network. The following resources are available when you connect to the GlobalProtect VPN client:

• Utility Server VM via Windows Remote Desktop Connection (RDP)
• Direct access to SQL

For Sandbox environments, you can access the following back end resources via the VPN:

• Direct access to SQL

GlobalProtect VPN requirements

Local machine requirements

Consider the following:

• Refer to the GlobalProtect compatibility matrix to ensure that the VPN client is compatible with your operating system.
• For RelativityOne, you should be using GlobalProtect 4.1 and above.
• The VPN software, Global Protect, must be installed locally. This needs to be done under a Local Administrator account. It is possible to install GlobalProtect with group policy as an active directory admin.

Note: Without local administrator, or the ability to install via group policy, you will be unable to install the GlobalProtect client.

Port requirements

The following ports must be opened on user machines and/or firewalls for the GlobalProtect VPN to use when accessing file data in RelativityOne.

Destination Port	Protocol	Description
443	TCP	Used for communication between GlobalProtect agents and portals, or GlobalProtect agents and gateways and for SSL tunnel connections. GlobalProtect gateways also use this port to collect host information from GlobalProtect agents and perform host information profile (HIP) checks.
4501	UDP	Used for IPSec tunnel connections between GlobalProtect agents and gateways.

See RelativityOne network access in the RelativityOne technical overview. for complete information on network access requirements.

Current VPN portal URL

There are different geographic data centers that your Relativity instance or sandbox may reside in. Enter the VPN portal URL as it appears below.

Note: As of October 2023, Microsoft renamed Azure Active Directory (Azure AD) to Microsoft Entra ID. This site has been updated to reflect the name change, where applicable. Refer to Microsoft documentation for more information.

The IP addresses listed below are for both VPN and regular, non-VPN, access.

All VPN portal URL are formatted as vpn.[regional domain].relativity.one

Note: VPN portal URL are only accessed when connecting to your Utility Server or Direct SQL via the VPN. See Accessing the RelativityOne backend (custom reporting, application dev, data manipulation).

Primary Azure/Entra ID region	VPN Portal URL
US-Central (CTUS)	vpn.ctus.relativity.one
US-East (ESUS)	vpn.esus.relativity.one
Canada-Central (CACT)	vpn.cact.relativity.one
UK-South (UKSO)	vpn.ukso.relativity.one
Asia-East (ESAS)	vpn.esas.relativity.one
Brazil-South (BRSO)	vpn.brso.relativity.one
Europe-West (WSEU)	vpn.wseu.relativity.one
France - Central (FRCT)	vpn.frct.relativity.one
Germany-West Central (DECT)	vpn.dect.relativity.one
Switzerland North (CHNO)	vpn.chno.relativity.one
Australia-East (AUEA)	vpn.auea.relativity.one
Korea-Central (KRCT)	vpn.krct.relativity.one
United Arab Emirates (AENO)	vpn.aeno.relativity.one
India (INCT)	vpn.inct.relativity.one
Ireland (NOEU)	vpn.noeu.relativity.one
South Africa (ZANO)	vpn.zano.relativity.one
Southeast Asia (SEAS)	vpn.seas.relativity.one
Japan (JPES)	vpn.jpes.relativity.one
Legacy Sandboxes	vpn.ctussbx.relativity.one

Accepting the invitation from Microsoft Entra ID

1. Customer Support will issue an invitation from Microsoft Active Directory with the following information:
   • Sender—Microsoft Invitations on behalf of RelativityOneVPNinvites@microsoft.com.
   • Subject—RelativityOneVPN invited you to access applications within their organization.
2. Click on the Accept Invitation link in the email.
   • If your organization does not use Active Directory, please continue with the prompts to complete creating the Microsoft account.
   • If your organization has Active Directory, your account will be connected automatically.
3. Your account creation is complete when you log in to Azure/Entra ID Portal.
4. Proceed to Downloading and installing the GlobalProtect VPN client to install the GlobalProtect VPN client.

Downloading and installing the GlobalProtect VPN client

Note: You must have local admin rights to install the VPN client. If you are not a local admin, contact your IT department to install it via Group Policy. Instructions for installing the client via Group Policy are found at https://live.paloaltonetworks.com/t5/Management-Articles/Using-Active-Directory-GPO-to-Install-the-GlobalProtect-Client/ta-p/61120.

Your VPN connection is typically created during the onboarding process for RelativityOne. If you have questions, please contact your designated Customer Success Manager.

1. Navigate to the portal for the geographic region you use RelativityOne in. The correct portal address for you to use can be found in the table listed under Current VPN portal URL section above.

2. In the Microsoft Pick an account prompt, click the Use another account option.

3. Enter your own credentials.

   

4. Once you are logged in, download the appropriate VPN client to your computer.

   

5. Install the GlobalProtect VPN client you just downloaded. Follow the default prompts.

Note: If you are using macOS and are unable to use GlobalProtect after installing, review the General tab in your Security and Privacy settings and ensure that system software from PanGPS is not blocked from loading.

Note: To download and re-install the VPN client, follow the instructions above, but skip the steps related to resetting your password.

Logging in using your GlobalProtect VPN client

1. After installing the VPN client, the GlobalProtect toolbar menu will open. If it does not open automatically, you can search for GlobalProtect in the bottom left-hand search bar to open it.

2. Click the gear icon in the upper right-hand corner of the toolbar menu, and then select Settings to access the Settings dialog window and configure the VPN client.



3. Under the General tab, click the Add button to add the RelativityOne Portal Address.

Note: Ensure you enter the correct portal. This depends on which geographic region your RelativityOne instance resides in. You should not enter the "http://" preceding the portal address.

4. Click Save.
5. Close the Settings dialog.
6. Click on the GlobalProtect icon in your tray, and then click the blue Connect button.

   A pop-up window for reviewing permissions displays.

7. After reviewing the terms, click Accept.

   

A prompt for your VPN user credentials displays.



8. Choose the appropriate VPN user credentials to sign in with in the Microsoft Pick an account screen. Please note that this prompt might appear twice depending on your organization’s settings.

A window will display momentarily while you are connected to the VPN.

Note: If the GlobalProtect warning displayed below appears, dismiss the window. This is a known issue with the GlobalProtect client itself and will be addressed in future versions.

9. To check your connection status, you can view the GlobalProtect icon in your system tray. When connected, it will look like the following image.

Note: You can click the gear icon, then select Settings to launch the Settings dialog which also shows your connection status. You can perform troubleshooting from this window.

Changing your VPN password

If you are using VPN user credentials that are based on a real email address, not the firstname.last@vpn.relativity.one legacy VPN credentials, the password reset policies are determined either by you or the overall corporation in which your email exists. Please make sure to check with your IT department on how to change your password as Relativity will no longer have any control over performing a password reset for your VPN user.

To change your expiring or expired passwords: 

1. Access https://login.microsoftonline.com. Log in using your Relativity credentials.

   Note: If you are already logged into Microsoft at your organization, you may need to open a private browsing window in your internet browser, incognito or InPrivate, and access https://login.microsoftonline.com from there or log out and log back in with the correct credentials. If you do not do this, you will not be prompted to change your temporary password or may receive an error when you try to log out and then log back in.

2. Change your password.

   There are two ways to change your password:

   • Access your account settings in the upper right corner menu containing your initials by clicking View Account, and then clicking Change Password in the Password tile to change your password. You will be redirected to new password form. Please enter your old, expired, password and new one, and then click Submit.

Note: After changing your password, you must wait 30 minutes before attempting to log in with your new password.

Adding an additional VPN region to GlobalProtect

This guide will show you how to connect to RelativityOne in an additional region. If you need Utility Server details, please contact your Customer Success Manager.

To add an additional VPN region to your client:

1. Search for GlobalProtect icon in the task bar to open it.

2. Click the gear icon in the upper right-hand corner of the toolbar menu, and then select Settings to access the Settings dialog window.
3. Under the General tab, click the Add button to add the new RelativityOne portal URL in Portal Address.

4. Click Save.
5. Close the Settings dialog.
6. Click on the GlobalProtect icon in your tray.
7. Select the newly added Portal from the drop-down menu on the GlobalProtect connection screen.

8. Click the blue Connect button.

A prompt for your VPN user credentials displays.

9. Enter your VPN user credentials.

A window will display momentarily while you are connected to the VPN for the new URL.