Specific characteristics of Stormshield SSL VPN clients

This section presents some of the specific characteristics of Stormshield SSL VPN clients.

Compatibility

Compatible versions and operating systems

For more information, refer to the Network Security & Tools life cycle guide.

Compatible multifactor authentication methods

  • Password + OTP.

    This method is compatible with the Stormshield TOTP solution. The SNS firewall must run version 4.5 or higher to use this solution.

  • OTP only,
  • Push mode (use of a third-party application to approve the connection).

Connection modes

Automatic mode

In this mode, the Stormshield SSL VPN client automatically and securely retrieves its SSL VPN configuration from the SNS firewall. It operates as follows:

During the initial connection:

  • The Stormshield SSL VPN client authenticates a first time on the SNS firewall:

    • The Stormshield SSL VPN client automatically retrieves its VPN configuration,

    • The SNS firewall and the Stormshield SSL VPN client apply the policy verifying the compliance of client workstations (ZTNA).

  • If the first authentication is successful, the Stormshield SSL VPN client will authenticate a second time on the SNS firewall to set up the SSL VPN tunnel.

During subsequent connections:

  • The Stormshield SSL VPN client checks whether a new VPN configuration is available:

    • If there are no new configurations, the Stormshield SSL VPN client will authenticate on the SNS firewall to set up the SSL VPN tunnel,

    • If a new configuration is available, the Stormshield SSL VPN client will authenticate twice, similarly to the initial connection.

Manual mode

In this mode, you have to import the VPN configuration into a connection profile.

You can retrieve the VPN configuration (.ovpn file) from the captive portal of the firewall hosting the SSL VPN service, or from the firewall's administration interface. This operation is described in the section Retrieving the SSL VPN configuration (.ovpn file).

Connection mode compatibility table

This table sums up the compatible features based on the connection mode used.

Feature Automatic mode Manual mode
Address book
Profile management
Client workstation compliance (ZTNA) verification
SNS version 4.8 and higher required

Stormshield SSL VPN client features

Address book (Automatic mode required)

The Stormshield SSL VPN client has an address book that stores the login information for various firewalls: the address used to connect to the firewall (IPv4 address or FQDN), the login, the password and whether multifactor authentication is used.

Running scripts

In Windows, the Stormshield SSL VPN client can automatically run scripts on the user's workstation every time an SSL VPN tunnel is opened or closed. To do so, you must first add the scripts to run to the configuration of the SNS firewall's SSL VPN service. This operation is described in the section Scripts to run on the client.

Limitations and explanations on usage

Downgrading to a version lower than version 4

Downgrades to a version lower than SN SSL VPN Client version 4 are not supported.

When an address book from SN SSL VPN Client version 3 is opened in version 4, its format is automatically updated, and it can no longer be used with version 3. If necessary, you can keep a copy of the version 3 address book file before updating SN SSL VPN Client to version 4.

Displaying the icon in the Windows 11 system tray

In Windows 11, ensure that the display of the SN SSL VPN Client icon has been enabled in the Windows system tray in Taskbar settings > Other system tray icons > Hidden icon menu. If this is not the case, SN SSL VPN Client features will not be accessible, as they require access to the icon of the application in order to open its menu.