Stormshield Network SSL VPN Client in Windows
For further information on the VPN solutions that Stormshield offers and how to configure them (IPSec VPN and SSL VPN), refer to the page Focus - VPN topologies.
A few remarks before installation
The SN SSL VPN Client can only be used under a single Windows user profile. It must therefore be installed under the Windows profile of the software's end user.
On the other hand, this installation requires privilege escalation. If the user does not have administration privileges on the workstation, during the installation process, he will need to provide the name and password of an account that has administration privileges.
Installing the client
- Download the Stormshield Network SSL VPN Client software from the Firewall’s authentication portal (or from your private area on the website):
- Double-click on the executable that you have saved on your workstation. You must be the local administrator on the workstation or provide the password for an administrator account.
- Follow the steps in the various windows of the installation wizard. Only the installation path and a group of programs to be associated need to be customized if you wish to do so.
Configuration files are downloaded and integrated automatically when you use the Stormshield Network SSL VPN Client. After authenticating and validating the privilege to use SSL VPN, the client will retrieve all the data needed for the configuration.
Deploying the client via a GPO
In a Microsoft Active Directory environment, the Stormshield Network SSL VPN Client can be deployed automatically through a Global Policy Object (GPO). The installation can therefore be carried out discreetly (invisible to the user), with the necessary administration privileges and when a mobile client logs on to the company’s network.
In the context of a GPO, you can also enter the registry key HKEY_CURRENT_USER\Software\Stormshield\SSL VPN Client\address on the client workstation with the IP address or the FQDN of the Firewall. From the first time it is used, the Stormshield Network SSL VPN Client will read this key and automatically fill in the Firewall Address field.
Using the address book
- Right-click on the Stormshield Network SSL VPN Client icon located in the taskbar of the Windows host.
- Select the Open address book menu.
You have the option of remembering connection information on your various firewalls via SSL VPN. This information is stored on the client workstation on which the client has been installed.
They can be encrypted if you select the optionThe address book is encrypted. In this case, you will be asked to enter an encryption key.
The information remembered for each address book entry will be the name of the connection profile created, the firewall's IP address, the connection login and password as well as an optional description:
If you modify the option The address book is encrypted, you will need to save the address book again in order to apply the changes.
Select the option Display passwords in order to check the passwords used for each firewall saved in the address book (passwords will be displayed in plaintext).
The Import and Export buttons will also allow importing an existing address book or exporting the current one.
Adding a connection profile
To add a connection profile to the address book:
- Click on Add.
- Fill in the various fields in the window:
- When the listening port of the SSL VPN server is different from the default port (TCP/443), fill in the Address field using the firewall's IP address and listening port, separated by a colon (" : "):
- Confirm by clicking on OK.
Modiyfing a connection profile
You will be able to modify a profile at any moment by selecting it then clicking on Modify: