Specific characteristics of Stormshield SSL VPN clients
This section presents some of the specific characteristics of Stormshield SSL VPN clients.
Compatible versions and operating systems
For more information on operating systems and compatible versions, refer to the section SSL VPN Client in the Network Security & Tools Product Life Cycle document.
Ports and protocols
In a default configuration, the Stormshield SSL VPN client must be able to contact the following ports to set up SSL VPN connections.
| Source | Destination | Protocol/Port (default) | Purpose of the connection |
|---|---|---|---|
| Client (SSLVPNService), Stormshield mode only | OpenVPN gateway on the SNS firewall | TCP/443 (captive portal) | Retrieve SSL VPN configuration and send information to the SNS firewall to verify the compliance of the client workstation (ZTNA) |
| Client (OpenVPN) | OpenVPN gateway on the SNS firewall | UDP/1194 (SSL VPN) | Set up an SSL VPN connection |
| Client (OpenVPN) | OpenVPN gateway on the SNS firewall | TCP/443 (SSL VPN) | Set up an SSL VPN connection (compatibility) |
To set up an SSL VPN connection with the SNS firewall, the Stormshield SSL VPN client always uses UDP first to ensure optimal performance. This sequence is defined in the VPN configuration file provided by the SNS firewall.
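The following is an added example, not Stormshield code: it reads an OpenVPN client profile and returns the endpoints in the order OpenVPN will try them, so that egress filtering rules can be checked against the UDP-first sequence described above. The profile content, host names and function names are constructed for illustration; only the standard OpenVPN `remote`, `port` and `proto` directives are assumed, and `<connection>` blocks are not handled.

```python
# Added example: derive the connection sequence from an OpenVPN profile.
# SAMPLE_PROFILE is constructed; it is not a real profile issued by an SNS firewall.
SAMPLE_PROFILE = """\
# constructed sample profile
client
dev tun
remote vpn.example.com 1194 udp
remote vpn.example.com 443 tcp
"""

def remote_sequence(profile_text):
    """Return [(host, port, 'udp' | 'tcp'), ...] in the order listed in the profile."""
    default_port, default_proto = 1194, "udp"  # OpenVPN defaults when not specified
    remotes = []
    for raw in profile_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        key, *args = line.split()
        if key == "port" and args:
            default_port = int(args[0])
        elif key == "proto" and args:
            default_proto = args[0]
        elif key == "remote" and args:
            remotes.append(args)
    sequence = []
    for args in remotes:
        port = int(args[1]) if len(args) > 1 else default_port
        proto = args[2] if len(args) > 2 else default_proto
        # Normalise variants such as tcp-client, tcp4, udp6 to the transport name.
        transport = "tcp" if proto.lower().startswith("tcp") else "udp"
        sequence.append((args[0], port, transport))
    return sequence

def udp_first(sequence):
    """True when the first endpoint tried uses UDP."""
    return bool(sequence) and sequence[0][2] == "udp"

def egress_rules(sequence):
    """Unique (transport, port) pairs the workstation must be allowed to reach."""
    return sorted({(transport, port) for _, port, transport in sequence})

if __name__ == "__main__":
    seq = remote_sequence(SAMPLE_PROFILE)
    for host, port, transport in seq:
        print(f"{transport.upper()}/{port} -> {host}")
    print("UDP tried first:", udp_first(seq))
```

In Stormshield mode, TCP/443 to the captive portal must also be allowed, as listed in the table above; that connection is not part of the OpenVPN profile.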
Running scripts
The Stormshield SSL VPN client can automatically run scripts on the user's workstation every time an SSL VPN connection is opened or closed.
In Windows, the SNS firewall provides these scripts to the Stormshield SSL VPN client. These scripts have to be added to the configuration of the SNS firewall’s SSL VPN service. For more information, refer to the SSL VPN administration guide for SNS firewalls and Stormshield SSL VPN clients.
In Linux and macOS, these scripts are used to accommodate a specific DNS configuration when OpenVPN does not manage it natively. For more information, refer to the sections Installing on a Linux operating system and Installing on a macOS operating system.
Limitations and explanations on usage
For more information, refer to the section Limitations and explanations on usage in the SSL VPN Client release notes.