New Stormshield SSL VPN Client behavior
This section lists the changes made to the automatic behavior of the Stormshield SSL VPN Client when it is updated from the latest available version 4 to 5.1.1 EA.
Changes introduced in version 5.1.1 EA
- Available languages - The Stormshield SSL VPN client is available in French and English. It is no longer available in German.
- Certificates
  - SHA-1 and MD5, which were announced as obsolete as of version 4.0.5 EA, are no longer supported on the Stormshield SSL VPN client. If you need to update the certificate that is generated by default on the SNS firewall for the SSL VPN service, refer to the Stormshield knowledge base article "How can I regenerate the sslvpn-full-default-authority?" (authentication required).
  - During the initial connection, some users will need to indicate once again that the SNS firewall certificate has to be trusted.
- Manual mode/Imported OVPN files - A new method of importing OVPN files is now available. During an update from version 4 or lower to version 5, older imported OVPN files will not be retrieved. You therefore need to import them again after the update is complete.
- Address book/Saved connections - The "Address book" is now named "Saved connections". During an update from version 4 or lower to version 5, address book entries are added to saved connections, either automatically, or by entering the address book password the first time that the Stormshield SSL VPN client starts up, if the address book is protected. The original address book is not modified, and will be kept at its original location.
- Update from a version lower than version 5 - The version 5 installation program no longer manages the uninstallation of version 3 and lower versions. During an update from one of these versions, you need to uninstall the original version in advance, before installing version 5.
- The Stormshield SSL VPN client's traffic is now initiated by a service account. If a hardened configuration is used on workstations (e.g., when a firewall is used), the Stormshield SSL VPN client must be able to contact the following ports to set up SSL VPN connections. As the listed ports are from a default configuration, adapt them if necessary.
Source | Destination | Protocol/Port (default) | Purpose of the connection |
---|---|---|---|
Client (SSLVPNService), Stormshield mode only | OpenVPN gateway | TCP/443 (captive portal) | Retrieve SSL VPN configuration and send information to the SNS firewall to verify the compliance of the client workstation (ZTNA). |
Client (OpenVPN) | OpenVPN gateway | UDP/1194 (SSL VPN) | Set up the SSL VPN connection |
Client (OpenVPN) | OpenVPN gateway | TCP/443 (SSL VPN) | Set up the SSL VPN connection (compatibility) |