Setting up a secure connection
This section explains how to set up secure connections with the Stormshield SSL VPN client.
NOTE
Only one connection can be set up at a time.
Setting up a saved connection
To set up a saved connection, information on the connection in question has to be saved in advance. For more information, refer to the section Managing saved connections.
- You can set up a saved connection in the following menus:
  - In the Quick connection menu: select a favorite connection from the drop-down list, or the last connection used, and click on the connection button.
  - In the Saved connections menu: in the section of the saved connection to which you wish to log in, click on Connect.
  - In the pop-up menu of the Stormshield SSL VPN client icon: select SSLVPN, then click on a favorite connection or the last connection used.
- If additional information is required to set up the connection, such as an OTP, enter it. If single sign-on is used, authenticate on the portal, which opens automatically in your web browser, to set up the connection.
Once you are logged in, the icon of the Stormshield SSL VPN client and the connection button both turn green. If an error occurs, refer to the section When a connection error occurs.
If single sign-on is used, the expiry date of your authentication session appears. For more information, refer to the section Using single sign-on to set up a connection.
You can log out by clicking on Disconnect or on the connection button.
[Screenshots: Quick connection menu, Saved connections menu, Pop-up menu]
Setting up a connection without saving information
- Go to the Direct connection menu.
- Choose between Stormshield mode and Import OVPN file and fill in the fields.
  NOTE
  If you need help in choosing the right mode or filling in the fields, refer to the descriptions provided in the section Adding, editing or deleting saved connections. The modes and fields are similar in both menus, with a few exceptions mentioned in the descriptions.
- Click on Connect.
- If single sign-on is used, authenticate on the portal, which opens automatically in your web browser, to set up the connection.
Once you are logged in, the icon of the Stormshield SSL VPN client and the connection button both turn green. If an error occurs, refer to the section When a connection error occurs.
If single sign-on is used, the expiry date of your authentication session appears. For more information, refer to the section Using single sign-on to set up a connection.
You can log out by clicking on Disconnect or on the connection button.
Using single sign-on to set up a connection
If you are using single sign-on to set up a connection in the Saved connections or Direct connection menu, the expiry date of your authentication session will appear in the graphical interface once the connection is established.
As long as this date has not been reached, and your authentication session is still valid on the SNS firewall, you do not need to authenticate again to set up the connection.
[Screenshots: Saved connections menu, Direct connection menu]
When requested by an administrator from your organization, you can cancel your authentication before it expires:
- Click on the button to the right of the date on which your authentication session expires.
- Click on OK. This operation will not disconnect the connection that is currently set up.
When a connection error occurs
- Read the error message that appears. If necessary, you can find it in the Connection logs menu.
- Check the connection information that has been entered, either in the Direct connection menu, or in the information on the saved connection. If an OTP was used, check whether it is still valid. The Stormshield SSL VPN client will make several attempts to connect if no response is received, but the OTP may expire in the meantime.
- If the warning message "Probable security risk" appears, this means that the certificate presented to the Stormshield SSL VPN client cannot be automatically validated. You will then need to indicate whether to trust the certificate and connect, or cancel the connection.
  To do so, display information on the certificate and its trust chain by clicking on Advanced > Show certificate to check whether the connection is secure. If you are unable to decide, get in touch with an administrator from your organization.
  If you choose to trust the certificate and connect, this decision will be saved for the connection used. The message will appear again if you use another saved connection or a connection from the Direct connection menu.
- Ensure that the Stormshield SSL VPN client can reach the SNS firewall (this can be done by an administrator from your organization):
  - Check the configuration of the SSL VPN service and associated elements by referring to the SSL VPN administration guide for Stormshield SNS firewalls and SSL VPN clients.
  - If a hardened configuration is used on the organization's workstations (use of a firewall, for example), the Stormshield SSL VPN client may be unable to connect if some ports are unreachable. For further information on ports and protocols, refer to the Stormshield SSL VPN client v5 installation guide.