You are on the EGO-Virgo landing page

You have reached this page as you are trying to access content that first requires you to have pre-authenticated at the level of the firewall.

To reach the content you are looking for, you must follow one of the alternative methods listed below.

All the methods require to use your EGO Active Directory account. If you don't have it, please refer to the Cascina Cascina EGO-Virgo Accounts page

If you are connecting from one of the supported platforms you can install the specific client described below that creates an encrypted tunnel to a subset of the Cascina internal networks (note that the rest of your traffic to the Internet is not forced to pass through the tunnel).

With the firewall VPN client installed and configured on your endpoint device you are free , once authenticated, to access various internal hosts transparently according to the firewall rules foreseen for your profile during 10 hours without re-authentication as long as the VPN client is not shutdown.

Note that, using this method, for the time of the session you don't need to re-authenticate in case your endpoint device goes into sleep-mode or the contact between the VPN client and the Cascina firewall server is interrupted along the path.

In the following you find the supported VPN clients.
Please install your selected choice (a dedicated icon showing a "lock" or a "key" will then be shown on your task bar) and then follow the indicated instructions for the first-time configuration of the connection to Cascina as a VPN site.
IMPORTANT: in case the client complains that the VPN server fails the verification step, please interrupt the configuration and contact the support at service@ego-gw.it

  1. Android devices:
    Check Point Capsule VPN
    To install, search for "Check Point VPN" from your device with the Google Playstore app and install it.
    In case you are asked to configure your first VPN site click "Cancel" and follow instead the procedure here described.

    Configuration of the Cascina VPN site:
    From a browser on the device click on the following link:
    cpvpn:///?V1&name=EGOvpn&host=fwvpn.ego-gw.it&auth=username&fingerprint=DUCT+RATE+TIRE+ELAN+BANE+DAYS+FEEL+AWK+EDIT+SOUR+DOME+MARK
    and answer to the subsequent questions leaving the default choices.

  2. Apple IoS devices:
    Check Point Capsule Connect
    To install, search for "Check Point Connect" from your device with the Apple Store app and install it.
    In case you are asked to configure your first VPN site click "Cancel" and follow instead the procedure here described.

    Configuration of the Cascina VPN site:
    From a browser on the device click on the following link:
    cpvpn:///?V1&name=EGOvpn&host=fwvpn.ego-gw.it&auth=username&fingerprint=DUCT+RATE+TIRE+ELAN+BANE+DAYS+FEEL+AWK+EDIT+SOUR+DOME+MARK
    and answer to the subsequent questions leaving the default choices.

  3. Ms-Windows from 7 to 10
    Endpoint Security: Check Point Mobile
    You can download it here (Md5 checksum: 511edac6a32cdf5ee67e4573d39beef9)
    Note that you will need the Administrator privileges on your device to install/uninstall this software

  4. MacOS
    Endpoint Security VPN
    You can download it here (Md5 checksum: 684622f0dcbc1778c4389a62ff906428)
    Note that you will need the Administrator privileges on your device to install/uninstall this software
    • Run the .dmg package and select the 2nd menu choice "Check Point Mobile"

    • Configure the Cascina VPN site:

      Start the client from the taskbar and click on the "VPN Options" button and then "New", the Site Wizard starts, fill the requested fields as follows:
      Server address or name: fwvpn.ego-gw.it
      Display name: input a name at your whish like "EGOvpn"
      When you are asked to check the certificate, verify that the shown fingerprint is the following string:
      DUCT RATE TIRE ELAN BANE DAYS FEEL AWK EDIT SOUR DOME MARK
If the procedure has completed successfully, when you click on the "Connect" icon choice you will be requested to input your username and password (your EGO Active Directory credentials).
Note: the saving of these credentials is disabled on the device and in case you are presented with the choice to save them elsewhere (such as in your Google or Apple account) please don't accept.

Note for the connection locally from Cascina
In principle you should not need to use the VPN when connected to one of the wireless networks at Cascina, since you can use directly your Active Directory credentials on the "EGO" wireless SSID with less overhead and wider internal scope.
On-site VPN connections are automatically denied on Android,IoS and Windows with a message explaining that the resources are already available.
MacOS users must instead prevent the VPN client to auto-connect , each time or by disabling the corresponding checkbox in the "VPN Options->fwpn.ego-gw.it->Properties->Settings->Enable Always-Connect" menu. Failing to do so may result in an unstable network configuration.

Eduroam users on-site can instead use the VPN connection as they were outside.

This method is mainly for connection from the platforms for which the VPN is not supported yet (i.e. linux).

In case you need to use this method please do it from a location where you trust the users that share the same IP address with you to go to the Internet (such as at your home) or from a workstation you own at your Institution with an IP address that is not something like (192.168.x.x , 172.16-31.x.x , 10.x.x.x).

If you are in other locations like a conference or a public hotspot like an airport please connect only for a short time and drop the connection with the "Log out" button as soon as you are finished. Failing to do so may cause connection problems when multiple authorized Virgo users near you attempt to authenticate with this method in the same period of time.

To authenticate:

Note that in principle you are allowed to work for 12 hours without re-authentication, but in case your device loses the connection with Cascina for more than about 5 minutes you will need to perform the authentication again, even if your previous autentication page is still open (in which case you need to close it first).