New features and enhancements in version 4.0.5 EA

Compliance verification (ZTNA)

SN SSL VPN Client is compatible with the feature that verifies the compliance of client workstations, which can now be configured on SNS firewalls in from version 4.8 onwards.

More information on the SNS firewall compliance verification.

Installation

Multi-account installation

SN SSL VPN Client can now be installed on several user profiles on the same Windows workstation. Individual users have their own address books and own logs.

However, SN SSL VPN Client must not be launched on several profiles simultaneously. We recommend that users who share a Windows workstation with other users ensure that they shut down their sessions. Otherwise, the workstation will need to be restarted so that other users can set up tunnels.

Do note that:

  • The installation always requires local administrator privileges on the workstation or the user must enter the login and password of an administrator account,

  • The SN SSL VPN Client installation folder in version 4 has been changed. During the initial connection, some users will need to indicate once again that the SNS firewall certificate has to be trusted.

Configuring settings

During installation, you can now define the following settings:

  • The IP address or FQDN of the SNS firewall,

  • Whether the VPN configuration must be retrieved in automatic mode,

  • Whether multifactor authentication has to be used,

  • Whether the Windows session user in question must be used as the ID.

Installation package

A single SN SSL VPN Client installation program now groups all languages and Windows versions supported. The administrator can still download an .msi package for an installation through a policy deployment tool.

Updated certificates

As the SHA-1 and MD5 algorithms make it possible to sign certificates that are obsolete, they will no longer be supported in a later version of SN SSL VPN Client. It is essential for administrators to update their certificates immediately. Refer to the procedure in the article on How can I regenerate the sslvpn-full-default-authority? in the Stormshield knowledge base.

For greater security, support for these algorithms can now be disabled by deleting the value "insecure_compat", or by setting it to 0 in the registry key:

HKLM\SYSTEM\CurrentControlSet\Services\StormshieldSSLVPNService\Parameters