In order for users to access LeoMed, the LeoMed support team must first whitelist (allow) the required Network(s). This applies to both ETH internal and external Networks. This applies to the login node and the Customapps Client (Customapps Client).

Internal sources (from ETH internal Networks): for ETH-internals to get access to LeoMed

ETH Internal Networks (including VPN, docking stations and others) are not allowed by default, only Staffnet VPN is allowed by default for all new tenants.


The Students VPN is not allowed to access LeoMed for security reasons. Students who require access to LeoMed must be added to the corresponding VPN for the project. For more information please contact the ISG for the project.

External sources: for ETH-externals to get access to LeoMed

Prerequisites at your institution's network

Outbound traffic

Your institution's network needs to allow:

  • SSH traffic (if you want to access LeoMed via the command line and SSH) and/or
  • HTTPS traffic (if you want to access LeoMed via the browser and remote desktop)


It is recommended to you check with your local IT support that this traffic is allowed, and nothing is filtered as we have seen users experiencing issues with their institutional proxy service that prevented them from accessing LeoMed.

Network characteristics

The following criteria need to be met:

  • No IP addresses from your private home are allowed.
  • Only institutional IP addresses can be whitelisted.
  • The IP address or address range needs to be fixed, dynamic IPs and domains cannot be whitelisted.
  • When providing a range of addresses, it is preferred to have one restricted in scope to only users who will need to connect to LeoMed. For example, it is preferred to log in to LeoMed from a research group VPN that only is accessible by users required to access LeoMed vs logging in to LeoMed from a VPN accessible by the entire institution.
  • Whitelisting any ETH-external addresses will have to be approved by the LeoMed IT security officers.

It is preferred that you access LeoMed via a workstation within an institutional network (resulting in you accessing LeoMed from a single fixed IP address). If that is not possible, there are several alternatives:

  • Option A (preferred): you access LeoMed from a dedicated network or VPN that only includes other members of your institution that will need to access LeoMed. Please ask your local IT support whether this is in place or can be provided. In order to whitelist, the LeoMed support will need to be informed about who has access to this network.
  • Option B: you access LeoMed via a jump host located within your institution's network and managed by your local IT support. This host should only be accessible by users that should have access to LeoMed. Note that this local jump host needs to be managed by your local IT support and the LeoMed support team will not manage this host. Please ask your local IT support whether this is in place or can be provided.