Getting started

SSL VPN allows remote users to securely access a company's resources - internal or otherwise - via the SNS firewall.

An SSL VPN client must be installed on the user’s workstation or mobile device before a VPN tunnel can be set up with the SNS firewall. Communications between the SNS firewall and the user are then encapsulated and protected via an encrypted TLS tunnel.

This tunnel can only be set up if the user is authenticated over a TLS communication channel that is encrypted with shared client and server certificates signed by a certification authority (CA) on the SNS firewall. This solution therefore guarantees confidentiality, integrity and non-repudiation.

This technical note provides details on:

  • Enabling and configuring the SSL VPN service on SNS firewalls in version 4.x,
  • Implementing zero trust network access (ZTNA) with SNS firewalls in version 4.8 and higher, and Stormshield SSL VPN clients in version 4.0 or higher,
  • Installing the Stormshield SSL VPN client in version 4.x, configuring and using the client, including the setup of an SSL VPN tunnel, some of its specific characteristics (compatibility, connection modes, etc.) and access to its logs,
  • Tracking users who are connected to the SSL VPN,
  • Some information regarding OpenVPN Connect.

In the rest of this document, SN SSL VPN Client may be referred to as "Stormshield SSL VPN client".

NOTE
If you are using the Stormshield SSL VPN client in version 3.x, refer to the technical note "Configuring and using the SSL VPN on SNS firewalls with the SSL VPN Client v3" (PDF only).

 

Date Description
November 13, 2024
  • Release of Stormshield SSL VPN client 4.0.9.
  • Addition of a paragraph “Limitations and explanations on usage” in the section “Specific characteristics of Stormshield SSL VPN clients”.
  • Changes to information regarding the use of push mode:
    • With the address book in the section "Configuring the Stormshield SSL VPN client",
    • In the section "Setting up a VPN tunnel with the Stormshield SSL VPN client".
  • Removal of the note regarding users who share a Windows workstation with other users in the section "Setting up a VPN tunnel with the Stormshield SSL VPN client".
October 7, 2024
  • Addition of explanations regarding the interval before key renegotiation in the section "Configuring the SSL VPN service".
  • Addition of explanations regarding the use of push mode:
    • With the address book in the section "Configuring the Stormshield SSL VPN client",
    • In the section "Setting up a VPN tunnel with the Stormshield SSL VPN client".
August 22, 2024
  • Release of Stormshield SSL VPN client 4.0.
  • Content relating to OpenVPN Connect has been moved to an appendix, and content relating to the Stormshield SSL VPN client now contains its own sections.
  • Content on the Stormshield SSL VPN client has been enriched:
    • Addition of new specific characteristics,
    • Addition of .exe format for the installation program,
    • Addition of procedures for deployment via a group policy (GPO) and via a script,
    • Changes to the names of certain fields in the procedures,
    • Addition of information regarding available logs.
  • The content in the section "Tracking users connected to the SSL VPN on the SNS firewall" has been enriched.
  • Addition of the implementation of zero trust network access (ZTNA).