SSL API client for Stormshield Network Security appliances

pip install stormshield.sns.sslclient==1.0.3



A Python client for the Stormshield Network Security appliance SSL API.

Note: this module requires python2.7 or python3.3

API usage

from stormshield.sns.sslclient import SSLClient

client = SSLClient(
    host="", port=443,
    user='admin', password='password',

response = client.send_command("SYSTEM PROPERTY")

if response:
    model   =['Result']['Model']
    version =['Result']['Version']

    print("Model: {}".format(model))
    print("Firmware version: {}".format(version))
    print("Command failed: {}".format(response.output))


Command results

Command results are available in text, xml or python structure formats:

>>> response = client.send_command("CONFIG NTP SERVER LIST")

>>> print(response.output)
101 code=00a01000 msg="Begin" format="section_line"
[Result] keynum=none type=host keynum=none type=host
100 code=00a00100 msg="Ok"

>>> print(response.xml)
<?xml version="1.0"?>
<nws code="100" msg="OK"><serverd ret="101" code="00a01000" msg="Begin"><data format="section_line"><section title="Result"><line><key name="name" value=""/><key name="keynum" value="none"/><key name="type" value="host"/></line><line><key name="name" value=""/><key name="keynum" value="none"/><key name="type" value="host"/></line></section></data></serverd><serverd ret="100" code="00a00100" msg="Ok"></serverd></nws>

>>> print(
{'Result': [{'name': '', 'keynum': 'none', 'type': 'host'}, {'name': '', 'keynum': 'none', 'type': 'host'}]}

The keys of the data property are case insensitive,['Result'][0]['name'] and['ReSuLt'][0]['NaMe'] will return the same value.

Results token are also available via response.parser.get() method which accepts a default parameter to return if the token is not present.

>>> print(response.output)
101 code=00a01000 msg="Begin" format="section"
100 code=00a00100 msg="Ok"

>>> print(['Server']['3'])
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python3.7/site-packages/requests/", line 52, in __getitem__
    return self._store[key.lower()][1]
KeyError: '3'

>>> print(response.parser.get(section='Server', token='3', default=None))

File upload/download

Files can be downloaded or uploaded by adding a redirection to a file with '>' or '<' at the end of the configuration command.

>>> client.send_command("CONFIG BACKUP list=all > /tmp/")
100 code=00a00100 msg="Ok"


snscli is a python cli for executing configuration commands and scripts on Stormshield Network Security appliances.

  • Output format can be chosen between section/ini or xml
  • File upload and download available with adding < upload or > download at the end of the command
  • Client can execute script files using --script option.
  • Comments are allowed with #

$ snscli --host <utm>

$ snscli --host <utm> --user admin --password admin --script config.script

Concerning the SSL validation:

  • For the first connection to a new appliance, ssl host name verification can be bypassed with --no-sslverifyhost option.
  • To connect to a known appliance with the default certificate use --host <serial> --ip <ip address> to validate the peer certificate.
  • If a custom CA and certificate is installed, use --host myfirewall.tld --cabundle <ca.pem>.
  • For client certificate authentication, the expected format is a PEM file with the certificate and the unencrypted key concatenated.


The library and snscli tool support HTTP and SOCKS proxies, use --proxy scheme://user:password@host:port option.


$ python3 sdist bdist_wheel


From PyPI:

$ pip3 install stormshield.sns.sslclient

From source:

$ python3 install


Warning: some tests require a remote SNS appliance.

$ PASSWORD=password APPLIANCE= python3 test

To run snscli from the source folder without install:

$ PYTHONPATH=. python3 stormshield/sns/ --help