A Virtual Private Network (VPN) is a way of extending our internal network out to systems connected on the internet. Once connected via a VPN, a remote system appears to be connected locally to our network thereby getting all the facilities available to local users and avoiding blocks placed in intervening firewalls. All data passed via a VPN is encrypted.

All devices connecting to the Physics network this way MUST be running a supported OS and have all application and operating system updates applied, running a Firewall, running Antivirus Software - with up to date virus definitions and running Spyware detection.
The terms and conditions specified in the Department of Physics Rules for Computer Use apply.

While connected to the VPN certain obvious external video streaming sites are blocked as there is no logical reason to use the VPN to connect to these sites and it would reduce performance for others using the VPN.

Basically the traffic would pass from the internet into Physics and then back out again to the user at home rather than directly to them. This makes sense to access journals that only Physics have a subscription for but not generic video streaming sites such as YouTube. The same applies to running video conferencing, (eg Zoom, Teams, Skype), performance will be better without VPN.

Please only stay connected via VPN to access Physics only services then disconnect to resume normal browsing and video conferencing.

Downloading the Fortigate VPN client

The Fortigate client is pre installed on Physics Windows laptops and remote workstations. The software is available to install from the Self Service application on macOS systems.

Alternately download the FortiClient VPN-only application for your operating system: https://www.fortinet.com/uk/support/product-downloads

1. Install the Client, you will need Admin Privileges.
   Scrolling down the install dialogue box if required.
   Tick "Accept terms and conditions"
   Click "I Accept" button
2. If on Windows you'll notice a new icon in the system tray. A blue shield with a tick. On macOS it will appear in the menubar at the top of the screen.
3. Double click on the shield then select Configure VPN

Configuring the Fortigate VPN client

Connection Name = Physics Fortigate - SSO
Remote Gateway = vpn.physics.ox.ac.uk
Leave Customize port unticked default is port 443
Client Certificate = None
Enable Single Sign On (SSO) for VPN Tunnel = Tick
Use external browser as user-agent for saml ... = Tick
Leave Enable Dual-stack IPv4/IPv6 address unticked

You should now see the VPN profile below. Click Connect to connect to the Physics VPN using your SSO.

You will either be greeted with a request for login username, or a list of previously logged in accounts, either fill in your SSO username in the format
username@OX.AC.UK and click next, or otherwise click the previously used Oxford SSO account.

Please now enter your SSO password.

 

At this stage you need to verify your identity with a second factor, which can be one of the following:-

• Microsoft Authenticator App
• An alternative Authenticator App
• One Auth
• Phone Call / Text Message  (Not available for SSO accounts generated after 12 August 2025)
• Security Key

Detailed on the configuration of a second factor can be found at Oxford University Second Factor Help

 

 

If the VPN gets stuck while trying to connect:

After entering physics credentials, the VPN will show a percentage of progress toward connecting. If this percentage is persistently getting stuck, there is likely a security alert preventing the connection. Check the Windows task bar at the bottom of the screen for a window that has opened behind the VPN.

If this alert is there, click Yes and the VPN should then proceed to connect.

Linux

If the FortigateVPN application fails for your Linux client try this alternative. Setting up Fortinet SSL VPN on Ubuntu and Debian