Setting up a secure connection
This section explains how to set up a secure connection with the Stormshield SSL VPN client.
NOTE
Only one connection can be set up at a time.
Setting up a saved connection
To set up a saved connection, its details have to be saved in advance in Saved connections.
- You can set up a saved connection in the following menus:
  - In Quick connection: select a connection from the drop-down list, and click on the connection button. You can select the last connection used or a favorite connection.
  - In Saved connections: click on Connect in the section of a saved connection.
  - In the pop-up menu: click on the icon of the Stormshield SSL VPN client to open the pop-up menu, select SSLVPN and click on the last connection used or a favorite connection.
- If additional information is required to set up the connection, such as an OTP, enter it. If single sign-on is used, authenticate on the portal, which opens automatically in your web browser, to set up the connection.
Once you are logged in, the icon of the Stormshield SSL VPN client and the connection button both turn green. If an error occurs, refer to the section When a connection error occurs.
If single sign-on was used to set up the connection, the expiry date of your authentication session appears. For more information, see the section Setting up a connection using single sign-on.
Log out by clicking on Disconnect or on the connection button.
[Screenshots: Quick connection menu | Saved connections menu | Pop-up menu]
Setting up a connection without saving information
- Go to the Direct connection menu.
- Choose between Stormshield mode and Import OVPN file and fill in the fields. If necessary, refer to the information available in the section Adding, editing or deleting saved connections. The modes and fields are similar in both menus, with a few exceptions mentioned in the descriptions.
  NOTE
  The Stormshield SSL VPN client has been designed to connect to SNS firewalls in version 4 or 5. Methods that involve connecting to another OpenVPN gateway, or importing an OVPN file generated by another OpenVPN gateway, are not officially supported, and may not be guaranteed to function normally.
- Click on Connect.
- If single sign-on is used, authenticate on the portal, which opens automatically in your web browser, to set up the connection.
Once you are logged in, the icon of the Stormshield SSL VPN client and the connection button both turn green. If an error occurs, refer to the section When a connection error occurs.
If single sign-on was used to set up the connection, the expiry date of your authentication session appears. For more information, see the section Setting up a connection using single sign-on.
Log out by clicking on Disconnect or on the connection button.
Setting up a connection using single sign-on
To set up a connection using single sign-on, you must first select Stormshield mode and the checkbox Connect with single sign-on in the details of the saved connection or direct connection.
- Set up the connection under the menu of your choice.
- On the authentication portal that automatically opens in your web browser, follow the steps in the authentication process.
- Once you are successfully authenticated, wait while the Stormshield SSL VPN client sets up the connection.
Once you are logged in, an expiry date will appear in the Saved connections or Direct connection menu, depending on whether the connection is saved.
[Screenshots: Saved connections menu | Direct connection menu]
As long as the expiry date remains in the future, you can set up the connection without having to authenticate again.
When requested by an administrator from your organization, you can cancel your authentication before it expires:
- Click on the button to the right of the date on which your authentication session expires.
- Click on OK. This operation will not disconnect the connection that is currently set up.
When a connection error occurs
- Read the error message that appears. If necessary, you can find it in the Connection logs menu.
- Check the information that has been entered for the saved connection or direct connection.
- If an OTP was used, check whether it is still valid. The Stormshield SSL VPN client will make several attempts to connect if no response is received, but the OTP may expire in the meantime.
- If the message "The VPN configuration has been updated. Enter a new OTP to connect." appears, this means that the Stormshield SSL VPN client has just retrieved a VPN configuration update from the SNS firewall.
  As the OTP (one-time password) that you entered was used to retrieve the VPN configuration update, it can no longer be used to set up the connection with the new VPN configuration.
  Wait for a new OTP to be generated in your OTP generator, then connect.
- If the warning message "Probable security risk" appears, this means that the certificate presented to the Stormshield SSL VPN client cannot be automatically validated. You will then need to indicate whether to trust the certificate and connect, or cancel the connection.
  To do so, you need to check whether the connection is secure. Click on Advanced > Show certificate, and verify the details of the certificate and its trust chain. If you are unable to decide, get in touch with an administrator from your organization.
  If you choose to trust the certificate and connect, this decision will be saved for the connection used. The message will appear again if you use another saved connection or a connection from the Direct connection menu.
- Ensure that the Stormshield SSL VPN client can reach the SNS firewall (this can be done by an administrator from your organization):
  - Check the configuration of the SSL VPN service and associated elements by referring to the SSL VPN administration guide for Stormshield SNS firewalls and SSL VPN clients.
  - If a hardened configuration is used on the organization's workstations (use of a firewall, for example), the Stormshield SSL VPN client may be unable to connect if some ports are unreachable. For further information on ports and protocols, refer to the Stormshield SSL VPN client installation guide.