Skip to main content

SSL API client for Stormshield Network Security appliances

Project description


A Python client for the Stormshield Network Security appliance SSL API.

Note: this module requires python2.7 or python3.3

API usage

from stormshield.sns.sslclient import SSLClient

client = SSLClient(
    host="", port=443,
    user='admin', password='password',

response = client.send_command("SYSTEM PROPERTY")

if response:
    model   =['Result']['Model']
    version =['Result']['Version']

    print("Model: {}".format(model))
    print("Firmware version: {}".format(version))
    print("Command failed: {}".format(response.output))


Command results

Command results are available in text, xml or python structure formats:

>>> response = client.send_command("CONFIG NTP SERVER LIST")

>>> print(response.output)
101 code=00a01000 msg="Begin" format="section_line"
[Result] keynum=none type=host keynum=none type=host
100 code=00a00100 msg="Ok"

>>> print(response.xml)
<?xml version="1.0"?>
<nws code="100" msg="OK"><serverd ret="101" code="00a01000" msg="Begin"><data format="section_line"><section title="Result"><line><key name="name" value=""/><key name="keynum" value="none"/><key name="type" value="host"/></line><line><key name="name" value=""/><key name="keynum" value="none"/><key name="type" value="host"/></line></section></data></serverd><serverd ret="100" code="00a00100" msg="Ok"></serverd></nws>

>>> print(
{'Result': [{'name': '', 'keynum': 'none', 'type': 'host'}, {'name': '', 'keynum': 'none', 'type': 'host'}]}

The keys of the data property are case insensitive,['Result'][0]['name'] and['ReSuLt'][0]['NaMe'] will return the same value.

Results token are also available via response.parser.get() method which accepts a default parameter to return if the token is not present.

>>> print(response.output)
101 code=00a01000 msg="Begin" format="section"
100 code=00a00100 msg="Ok"

>>> print(['Server']['3'])
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python3.7/site-packages/requests/", line 52, in __getitem__
    return self._store[key.lower()][1]
KeyError: '3'

>>> print(response.parser.get(section='Server', token='3', default=None))

File upload/download

Files can be downloaded to or uploaded from the client host by adding a redirection to a file with '>' or '<' at the end of the configuration command.

>>> client.send_command("CONFIG BACKUP list=all > /tmp/")
100 code=00a00100 msg="Ok"


snscli is a python cli for executing configuration commands and scripts on Stormshield Network Security appliances.

  • Output format can be chosen between section/ini or xml
  • File upload and download available with adding < upload or > download at the end of the command
  • Client can execute script files using --script option.
  • Comments are allowed with #

$ snscli --host <utm>

$ snscli --host <utm> --user admin --password admin --script config.script

Concerning the SSL validation:

  • For the first connection to a new appliance, ssl host name verification can be bypassed with --no-sslverifyhost option.
  • To connect to a known appliance with the default certificate use --host <serial> --ip <ip address> to validate the peer certificate.
  • If a custom CA and certificate is installed, use --host myfirewall.tld --cabundle <ca.pem>. CA bundle should contain at least the root CA.
  • For client certificate authentication, the expected format is a PEM file with the certificate and the unencrypted key concatenated.


The library and snscli tool support HTTP and SOCKS proxies, use --proxy scheme://user:password@host:port option.


$ python3 sdist bdist_wheel


From PyPI:

$ pip3 install stormshield.sns.sslclient

From source:

$ python3 install


Warning: some tests require a remote SNS appliance.

$ PASSWORD=password APPLIANCE= python3 test

To run snscli from the source folder without install:

$ PYTHONPATH=. python3 stormshield/sns/ --help


Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

stormshield.sns.sslclient-1.0.5.tar.gz (28.5 kB view hashes)

Uploaded source

Built Distributions

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Huawei Huawei PSF Sponsor Microsoft Microsoft PSF Sponsor NVIDIA NVIDIA PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page