Main features of SN VPN Client Exclusive 7.0

SN VPN Client Exclusive is a VPN client solution. When it is installed on a Windows workstation, VPN tunnels can be set up with a Stormshield Network Security firewall to secure communications between remote users and a network protected by an SNS firewall.

SN VPN Client Exclusive can be installed in the following environments:

  • Windows 10 64-bit,

  • Windows 11 64-bit.

For more information regarding SN VPN Client Exclusive 7.0, refer to the Administrator's guide on Stormshield’s technical documentation website.

SN VPN Client Exclusive version 7.0 is equipped with the following main features:

High level of security

The SN VPN Client Exclusive client was developed according to the recommendations set out by the NIST and ANSSI (French National Cybersecurity Agency). It factors in the authentication features available on the information system, and includes the relevant mechanisms enabling integration with existing PKIs. All the protocols and algorithms implemented in the software make it a universal client that allows you to connect to all mainstream VPN gateways, regardless of whether they are hardware-based or software-based.

GINA mode

The GINA mode allows you to open VPN connections before the Windows logon. This function can, for example, create a secure connection to an access rights management server so that the user workstation access rights can be obtained before opening a user session.

TND (Trusted Network Detection)

This feature detects whether or not the workstation is connected to the corporate network (trusted network). When the VPN Client detects that the workstation is not on the corporate network, the predefined tunnel is opened automatically.

TrustedConnect uses two methods to detect whether the workstation is on a trusted network:

  • It checks whether the DNS suffixes of the network interfaces available on the workstation are part of the list of trusted DNS suffixes (list configured in the software, see below),

  • It automatically accesses a trusted web server over HTTPS and checks that its certificate is valid.
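
The two checks described above, sketched as an added example that is not Stormshield's code. It assumes suffix matching on label boundaries and that both checks must pass, neither of which this page specifies; the names corp.example and beacon.corp.example are constructed.

```python
import socket
import ssl


def suffix_trusted(suffix, trusted_suffixes):
    """True if an interface DNS suffix equals a trusted suffix or is a
    subdomain of one. Matching on label boundaries is an assumption of this
    example; it keeps 'evilcorp.example' from matching 'corp.example'."""
    s = suffix.strip().rstrip(".").lower()
    for t in trusted_suffixes:
        t = t.strip().rstrip(".").lower()
        if t and (s == t or s.endswith("." + t)):
            return True
    return False


def https_beacon_valid(host, port=443, timeout=3.0):
    """True if a TLS handshake with the trusted web server succeeds.
    The default SSL context verifies the certificate chain and host name."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True
    except OSError:  # covers DNS failure, timeout, refusal and ssl.SSLError
        return False


def on_trusted_network(interface_suffixes, trusted_suffixes, beacon_host,
                       probe=https_beacon_valid):
    """Assumption: both checks must pass. A DNS suffix alone comes from the
    local network (for example via DHCP), so the certificate check is what
    ties the decision to something the network cannot simply assert."""
    if not any(suffix_trusted(s, trusted_suffixes) for s in interface_suffixes):
        return False
    return probe(beacon_host)


def should_open_tunnel(interface_suffixes, trusted_suffixes, beacon_host,
                       probe=https_beacon_valid):
    """The predefined tunnel is opened when the network is not trusted."""
    return not on_trusted_network(interface_suffixes, trusted_suffixes,
                                  beacon_host, probe)
```

The `probe` parameter lets the certificate check be replaced in tests; in normal use the default performs a real HTTPS handshake.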

Always-On mode

The Always-On feature always ensures that the connection remains secure whenever the network interface changes.

The following network interfaces are supported:

  • Virtual adapter (e.g. VMware),

  • Wi-Fi,

  • Ethernet,

  • USB modem (i.e. smartphone),

  • Bluetooth modem (i.e. smartphone).

The following network events trigger automatic tunnel reconnection (and, where appropriate, detection of the trusted network):

  • Connection to a network (APIPA addresses ignored),

  • Disconnection from a network,

  • An adapter changes IP address, or switches from DHCP to static addressing or vice versa,

  • ipconfig /release,

  • ipconfig /renew,

  • Switch to airplane mode.

Microsoft Windows Installer (MSI)

Administrators can take advantage of the features found in the Windows installer (MSI) to deploy and administer the SN VPN Client Exclusive client using pool and user group management tools (GPO). In addition to silent installation, scripts, customization options and pre-configuration options, such as customization of the user interface or configuration of PKI features, can be fully managed from a central location.

Certificate on a smart card or token

The SN VPN Client Exclusive client implements a mechanism to automatically detect smart card insertion. Tunnels that are associated with a certificate stored on a smart card will therefore be established automatically when the smart card is inserted. Likewise, removing the smart card will close all the corresponding tunnels.

Administrator logs, console, and traces

The SN VPN Client Exclusive client offers three types of logs:

  • “Administrator” logs are specifically designed for software activity and usage reports. The following actions can be performed on collected logs either exclusively or simultaneously:

    • Store in a local file,

    • Record in the Windows Event Log,

    • Send in syslog format to a Syslog server.

  • The “Console” provides detailed information on the tunnels as well as the related opening and closing steps. It essentially consists of the IKE messages and provides high-level information about the establishment of the VPN tunnel. It is intended for administrators to identify possible VPN connection issues.

  • The “Trace” mode makes every component of the software write an activity log about its inner workings. This mode is intended for vendor support to diagnose software issues.