Requirements
An SNS firewall equipped with a TPM
All recent models as of SNi20 have a TPM.
See the list of the relevant firewall models on the Stormshield website at Our Stormshield Network Security firewalls.
A compatible SNS version installed
The TPM-based security mechanism applies to some certificates, depending on the SNS version installed on the firewall.
| Certificates used in the following cases with a private key that can be protected | Compatible SNS versions | ||
| 3.11 LTSB | 4.3 LTSB | 4.7 and higher | |
|
IPsec VPN |
|
|
|
| SSL VPN | - | - |
|
| SSL/TLS decryption (web administration interface and captive portal) | - | - |
|
| Communications with the SMC server | - | - |
|
| Sending of logs to a syslog server | - | - |
|
| Internal LDAP | - | - |
|
Privilege to access the TPM
To initialize and use the TPM, the administrator must hold the TPM (E) privilege. Only the admin account can assign this privilege in the firewall's web administration interface in Configuration > System > Administrators, Administrators tab, Switch to advanced view button.
Ability to access the CLI console on the SNS firewall
Depending on the SNS version installed on the firewall, some or all operations relating to the TPM must be performed in a CLI console by using commands.
To access the CLI console, go to the firewall's web administration interface, for example, in Configuration > System > CLI console.