Requirements

An SNS firewall equipped with a TPM

All recent models as of SNi20 have a TPM.

See the list of the relevant firewall models on the Stormshield website at Our Stormshield Network Security firewalls.

A compatible SNS version installed

The TPM-based security mechanism applies to some certificates, depending on the SNS version installed on the firewall.

| Certificates used in the following cases with a private key that can be protected | Compatible SNS versions: 3.11 LTSB | Compatible SNS versions: 4.3 LTSB | Compatible SNS versions: 4.7 and higher |
|---|---|---|---|
| IPsec VPN | | | |
| SSL VPN | - | - | |
| SSL/TLS decryption (web administration interface and captive portal) | - | - | |
| Communications with the SMC server | - | - | |
| Sending of logs to a syslog server | - | - | |
| Internal LDAP | - | - | |

Privilege to access the TPM

To initialize and use the TPM, the administrator must hold the TPM (E) privilege. Only the admin account can assign this privilege in the firewall's web administration interface in Configuration > System > Administrators, Administrators tab, Switch to advanced view button.

Ability to access the CLI console on the SNS firewall

Depending on the SNS version installed on the firewall, some or all operations relating to the TPM must be performed in a CLI console by using commands.

To access the CLI console, go to the firewall's web administration interface, for example, in Configuration > System > CLI console.