Rublon

Secure Remote Access

By

Last updated on July 25, 2025

IMPORTANT

Stormshield Network Security (SNS) firewalls do not offer any configurable setting to extend or customize the LDAP server authentication timeout. Unlike RADIUS, which has an adjustable timeout parameter in Stormshield’s CLI, LDAP authentication timeouts are fixed and cannot be changed via the GUI or CLI. Official Stormshield documentation and support materials provide no method or guidance to modify the LDAP authentication wait period, indicating that the default timeout is not configurable.

If possible, integrate Rublon MFA via RADIUS instead of LDAP. Stormshield fully supports RADIUS servers for authentication and allows custom timeouts for RADIUS requests, ensuring that your users have enough time to complete MFA. For more information, refer to the Rublon MFA for Stormshield using RADIUS documentation.

Overview of MFA for Stormshield SSL VPN using LDAP(S)

This documentation describes how to integrate Rublon MFA with Stormshield SSL VPN using the LDAP(S) protocol to enable multi-factor authentication for VPN connections.

Supported Authentication Methods

Authentication Method Supported Comments
Mobile Push N/A
WebAuthn/U2F Security Key N/A
Passcode N/A
SMS Passcode N/A
SMS Link N/A
Phone Call N/A
QR Code N/A
Email Link N/A
YubiKey OTP Security Key N/A

Before You Start Configuring MFA for Stormshield SSL VPN using LDAP(S)

Before configuring Rublon MFA for Stormshield VPN:

  • Ensure you have prepared all required components.
  • Create an application in the Rublon Admin Console.
  • Install the Rublon Authenticator mobile app.

Required Components

1. User Identity Provider (IdP) – You need an external Identity Provider, such as Microsoft Active Directory, OpenLDAP, or FreeIPA.

2. Rublon Authentication Proxy – Install the Rublon Authentication Proxy if you have not already.

WARNING

You need to install Rublon Authentication Proxy version 3.4.0 or higher for this integration to work properly!

3. Stormshield  – Properly installed and configured firewall.

Create an Application in the Rublon Admin Console

1. Sign up for the Rublon Admin Console. Here’s how.

2. In the Rublon Admin Console, go to the Applications tab and click Add Application

3. Enter a name for your application (e.g., Stormshield VPN) and then set the type to Rublon Authentication Proxy.

4. Click Save to add the new application in the Rublon Admin Console.

5. Copy and save the values of the System Token and Secret Key. You are going to need these values later.

Install Rublon Authenticator

All end-users must install the Rublon Authenticator mobile app. So, as a person configuring MFA for Stormshield VPN, we highly recommend you install the Rublon Authenticator mobile app, too. Thanks to that, you will be able to test MFA for Stormshield via Mobile Push.

Download the Rublon Authenticator for:

Configuring Multi-Factor Authentication (MFA) for Stormshield SSL VPN using LDAP(S)

Follow the following instructions to set up MFA for Stormshield SSL VPN using the LDAP(S) protocol.

1. From the Stormshield Network Security (SNS) administrator console, select the Configuration tab. Then, go to Users → Directories configuration.

2. Click Add directory. A new window will open.

3. Select Connect to an External LDAP directory and click Next.

4. Fill in the fields and click Finish. Refer to the following image and table.

Domain nameThe name of the domain.
ServerThe Rublon Authentication Proxy server.

To create it, click the + (plus) sign. You must fill in the following fields:Object name: the name for your Rublon Authentication Proxy server, e.g., RAPIPv4 address: the IP address of your Rublon Authentication Proxy server
Portldap
Root domain (Base DN)The Base DN of your domain.
Read-only accessUnchecked.
Anonymous connectionUnchecked.
IDThe cn of the account that will authenticate to LDAP.

Note: Unlike other integrations where the user is specified in full LDAP CN notation (e.g., Cn=rublonadmin,ou=Rublon,dc=rublondemo,dc=local), Stormshield handles it differently. In this case, you only need to provide half of the CN without adding the domain. So, for the example above, you would enter: Cn=rublonadmin,ou=Rublon.
PasswordThe password to the account.

5. After you add the LDAP server, you will see it on the list of directories with its configuration on the right.

6. You can now test your LDAP server configuration. Go to Users → Users and Groups, and select Users from the Filter dropdown. If after you do this, you see the list of your Active Directory users, this means your LDAP server configuration is correct.

7. You now need to add LDAP as an available method. Go to Authentication → Available Methods and select Add a method → LDAP.

8. Congratulations. You have successfully configured Rublon MFA for Stormshield VPN using LDAP. You can now test MFA.

Testing Multi-Factor Authentication (MFA) for Stormshield SSL VPN Integrated Via LDAP(S)

This example portrays logging in to Stormshield VPN via the Stormshield SSL VPN Client. Mobile Push has been set as the second factor in Rublon Authentication Proxy configuration (AUTH_METHOD was set to push).

1. Start the Stormshield SSL VPN Client, e.g., right-click the app in the tray and select Start VPN.

2. Provide your Firewall address, Username, and Password, and click OK.

3. Rublon will send a Mobile Push authentication request to your phone. Tap APPROVE.

4. You will be connected to the VPN.

Troubleshooting of MFA for Stormshield SSL VPN using LDAP(S)

If you encounter any issues with your Rublon integration, please contact Rublon Support.

Related Posts

Rublon Authentication Proxy

Rublon Authentication Proxy – Integrations