IMPORTANT
SNS 3.x versions have reached End of Maintenance since July 1st, 2024.
We recommend that you update your SNS firewalls to a version with maintenance to guarantee the protection of your infrastructure.
IDENTIFICATION PORTAL
For the sake of strengthening security, the connection to the authentication portal and to the Web administration interface is possible only by forcing certain options in the SSL protocol. Version SSLv3 is disabled and the TLS versions enabled, according to the recommendations given by the French Network and Information Security Agency (ANSSI).
As these options are not supported in Internet Explorer versions 6, 7 and 8, you are advised to use a higher version of this browser. Nonetheless, this mode may be disabled via command line in the CLI (CONFIG AUTH HTTPS sslparanoiac=0 / CONFIG AUTH ACTIVATE).
Connection
In order to configure your Stormshield Network firewall, you need to log onto the web administration interface.
Configuration of a firewall is only accessible to administrators of the product. The “super admin” user or the administrator who holds all privileges can assign privileges to users and/or user groups in the menu System>Administrators.
Presentation
The connection module consists of 2 sections:
- A static section
- A collapsible section: options
The information required depends on whether it is the administrator’s first connection to the firewall.
| User |
This field is reserved for users who have at least basic privileges. |
| Password |
User’s password, which he will be asked to enter upon his initial connection. For a default configuration, no passwords need to be entered (empty field). |
| Authentication with SSL certificate |
If this option is selected, the fields Username and Password will no longer be necessary, and therefore grayed out.
The following message will appear: “Using a certificate will allow you to authenticate automatically. Enable automatic authentication?”. " Select Manual authentication or Automatic authentication.
The automatic connection option can be enabled automatically in the section Preferences\Connection settings\ Connect automatically with an SSL certificate. |
| Log in |
Clicking on this button or pressing “Enter” will allow sending connection information to the firewall. |
REMARKWARNING
The Stormshield Network Firewall is case-sensitive and distinguishes uppercase and lowercase letters, both for the username as well as for the password.
Additional Options
| Language |
Language of the web-based graphical interface. When the user chooses a new language for the web interface, the authentication page will reload in the selected language. Available languages are English, French, Polish, Hungarian and German. |
| Read Only |
Allows connecting in “read-only” mode. As such, you will be able to log onto the firewall without modification privileges using an account that ordinarily has such privileges. This allows the user to refrain from using modification privileges if they are not necessary. |
REMARK
- Options are contained in a cookie. The user therefore stores his connection preferences on his browser.
- If the “read only” option has been enabled in a cookie during the connection to the authentication page, to avoid confusion, part of the options will be presented to the user as deployed options.
Error notifications
When a field is empty
If a user attempts to authenticate without having entered the User or Password field, authentication will not be launched and the message “This field should not be empty” will appear.
When “Caps lock” has been enabled
If this button has been enabled when the user enters his password, a warning icon will indicate that “Caps Lock has been enabled”.
Authentication failure
When authentication fails, the message “Authentication has failed” will appear in red.
REMARK
Protection from brute force attacks:
When too many requests are sent with the wrong password, the following message will appear: “Protection of authentication from brute force attacks has been enabled. The next authentication attempt will be possible in <number of seconds>”.
The “admin” account, super administrator
By default, only one user has administration privileges on Stormshield Network products – the “admin” account (whose login is “admin”). This administrator holds all privileges and can perform certain operations such as the modification of a user’s authentication method, for example.
WARNING
The administrator account has the value “admin” as login and password by default.
REMARK
Given the privileges assigned to the “admin” account, Stormshield Network recommends that you use this account only for tests or maintenance operations.
Only the “admin: user can assign administration privileges to other users.
Logging off
The procedure for logging off the firewall is as follows:
Click on 
at the top right side of the interface. The window “Quit?” will appear with the following message: “You are about to be disconnected ". Click on Quit or on Cancel if you do not wish to log off.
By clicking on Quit, the interface will return to the connection window. Cancelling will return the user to the main screen, without any effect to the execution of the program.