Getting started

SSL VPN allows remote users to securely access a company's resources - internal or otherwise - via the SNS firewall.

An SSL VPN client must be installed on the user’s workstation or mobile device before a VPN tunnel can be set up with the SNS firewall. Communications between the SNS firewall and the user are then encapsulated and protected via an encrypted TLS tunnel.

This tunnel can only be set up if the user is authenticated over a TLS communication channel, and encrypted with shared client and server certificates that have been signed by a certification authority (CA) on the SNS firewall. This solution therefore guarantees confidentiality, integrity and non-repudiation.

This technical note provides details on:

  • Enabling and configuring the SSL VPN service on SNS firewalls in version 4.x,
  • Implementing zero trust network access (ZTNA) with SNS firewalls in version 4.8 and higher, and Stormshield SSL VPN clients in version 4.0 or higher,
  • Installing the Stormshield SSL VPN client in version 4.x, configuring and using the client, including the setup of an SSL VPN tunnel, some of its specific characteristics (compatibility, connection modes, etc.) and access to its logs,
  • Tracking users who are connected to the SSL VPN,
  • Some information regarding OpenVPN Connect.

In the rest of this document, SN SSL VPN Client may be referred to as "Stormshield SSL VPN client".

NOTE
If you are using the Stormshield SSL VPN client in version 5, refer to the Stormshield SSL VPN Client v5 documentation.

 

Date Description
May 22, 2025
  • Addition of the setting "Enable DCO kernel acceleration", and information relating to networks assigned to VPN clients, as well as the maximum number of VPN tunnels allowed in the section "Configuring the SSL VPN service" for SNS in version 5.
  • The client workstation verification (ZTNA) configuration now occupies its own section in the document, and its contents have been modified.
  • Addition of a new issue on the display of a warning message regarding the LZ4 compression feature in the "Troubleshooting" section.

March 13, 2025
  • Release of Stormshield SSL VPN client 4.0.10.
  • Explanations added regarding updates to a version lower than version 4 in the section "Specific characteristics of Stormshield SSL VPN clients".
  • Changes to information regarding SSL VPN connection logs in the section "Viewing the Stormshield SSL VPN client's logs".
  • Addition of two issues in the section "Troubleshooting".
February 06, 2025
  • Addition of the field "Allow tunnels to be set up for Linux or Mac Stormshield SSL VPN clients" in the section "Configuring the SSL VPN service > Configuring the policy verifying the compliance of client workstations (in ZTNA)".
November 13, 2024
  • Release of Stormshield SSL VPN client 4.0.9.
  • Addition of a paragraph "Limitations and explanations on usage" in the section "Specific characteristics of Stormshield SSL VPN clients".
  • Changes to information regarding the use of push mode:
    • With the address book in the section "Configuring the Stormshield SSL VPN client",
    • In the section "Setting up a VPN tunnel with the Stormshield SSL VPN client".
  • Removal of the note regarding users who share a Windows workstation with other users in the section "Setting up a VPN tunnel with the Stormshield SSL VPN client".
October 07, 2024
  • Addition of explanations regarding the interval before key renegotiation in the section "Configuring the SSL VPN service".
  • Addition of explanations regarding the use of push mode:
    • With the address book in the section "Configuring the Stormshield SSL VPN client",
    • In the section "Setting up a VPN tunnel with the Stormshield SSL VPN client".
August 22, 2024
  • Release of Stormshield SSL VPN client 4.0.
  • Content relating to OpenVPN Connect has been moved to an appendix, and content relating to the Stormshield SSL VPN client now contains its own sections.
  • Content on the Stormshield SSL VPN client has been enriched:
    • Addition of new specific characteristics,
    • Addition of .exe format for the installation program,
    • Addition of procedures for deployment via a group policy (GPO) and via a script,
    • Changes to the names of certain fields in the procedures,
    • Addition of information regarding available logs.
  • The content in the section "Tracking users connected to the SSL VPN on the SNS firewall" has been enriched.
  • Addition of the implementation of zero trust network access (ZTNA).