Operation and limitations
Authentication modes on the SNS firewall compatible with TOTP
The TOTP solution makes it possible to increase the security of the following authentication modes on the SNS firewall:
SSL VPN tunnels (OpenVPN technology only),
Web administration interface,
Console or SSH,
IPsec VPN tunnels in IKEv1 (Xauth method only).
Built-in and autonomous TOTP solution on each SNS firewall
The TOTP solution is built into each SNS firewall and operates autonomously, except on firewalls in high availability clusters. Users who authenticate on several SNS firewalls on which TOTP has been enabled must first enroll on each firewall in question and use a TOTP corresponding to the relevant firewall in order to authenticate.
How time-based one-time passwords work
The TOTP solution relies on the use of time-based one-time passwords, also known as TOTPs. A TOTP is valid for only a set period and can be used for only one authentication throughout this period. The same TOTP therefore cannot be used for two consecutive authentications, for example to connect via VPN, then via SSH. The user must wait for a new code to be generated before proceeding with the second authentication.
This system can only function if the date and time on the SNS firewall and on the various authenticators are synchronized.
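The behaviour described above (a code valid for one period, usable once, and dependent on synchronized clocks), as an added example that is not Stormshield's implementation. It assumes the RFC 6238 defaults (HMAC-SHA-1, 30-second period, 6 digits) and a verifier with no clock-drift tolerance; the names `totp` and `Verifier` and the secret (the RFC 6238 test key) are illustrative.

```python
import hashlib
import hmac
import struct

STEP = 30    # assumed validity period in seconds (RFC 6238 default)
DIGITS = 6   # assumed code length
SECRET = b"12345678901234567890"  # RFC 6238 test key, stands in for an enrollment secret


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP: HOTP (RFC 4226) computed over the time-step counter."""
    counter = int(unix_time) // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class Verifier:
    """Hypothetical server side: one accepted code per period for one user."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_used_step = -1

    def verify(self, code: str, server_time: int) -> bool:
        step = int(server_time) // STEP
        if step <= self.last_used_step:
            return False  # this period's code was already consumed
        if not hmac.compare_digest(code, totp(self.secret, server_time)):
            return False  # wrong code, or the two clocks are in different periods
        self.last_used_step = step
        return True


def demo() -> dict:
    v = Verifier(SECRET)
    code = totp(SECRET, 30)  # the period covering t=30..59
    return {
        "first_login": v.verify(code, 35),            # accepted
        "second_login_same_code": v.verify(code, 50),  # rejected: already used
        "second_login_new_code": v.verify(totp(SECRET, 60), 60),  # accepted
        # Authenticator clock 2 s behind the server, across a period boundary.
        "clock_skew": Verifier(SECRET).verify(totp(SECRET, 1111111109), 1111111111),
    }


if __name__ == "__main__":
    print(demo())
```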
Managing TOTP with the admin account on the SNS firewall
The admin account on the SNS firewall cannot use TOTP. However, logging in with the admin account is necessary in order to perform certain operations, such as resetting an administrator's TOTP enrollment, or the TOTP enrollment of all users.