alpadalar/fortigate-mcp-server
3.2
If you are the rightful owner of fortigate-mcp-server and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to henry@mcphub.com.
FortiGate MCP Server is a comprehensive Model Context Protocol (MCP) server designed for managing FortiGate devices, providing programmatic access and integration with MCP-compatible tools.
FortiGate MCP Server
FortiGate MCP Server - A comprehensive Model Context Protocol (MCP) server for managing FortiGate devices. This project provides programmatic access to FortiGate devices and enables integration with MCP-compatible tools like Cursor.
๐ Features
- Device Management: Add, remove, and test connections to FortiGate devices
- Firewall Management: List, create, update, and delete firewall rules
- Network Management: Manage address and service objects
- Routing Management: Manage static routes and interfaces
- HTTP Transport: MCP protocol over HTTP using FastMCP
- Docker Support: Easy installation and deployment
- Cursor Integration: Full integration with Cursor IDE
๐ Requirements
- Python 3.8+
- Access to FortiGate device
- API token or username/password
๐ ๏ธ Installation
1. Clone the Project
git clone <repository-url>
cd fortigate-mcp-server
2. Install Dependencies
# Create virtual environment
python -m venv .venv
source .venv/bin/activate # Linux/Mac
# or
.venv\Scripts\activate # Windows
# Install dependencies
pip install -r requirements.txt
3. Configuration
Edit the config/config.json file:
{
"fortigate": {
"devices": {
"default": {
"host": "192.168.1.1",
"port": 443,
"username": "admin",
"password": "password",
"api_token": "your-api-token",
"vdom": "root",
"verify_ssl": false,
"timeout": 30
}
}
},
"logging": {
"level": "INFO",
"file": "./logs/fortigate_mcp.log"
}
}
๐ Usage
Start HTTP Server
# Start with script
./start_http_server.sh
# Or manually
python -m src.fortigate_mcp.server_http \
--host 0.0.0.0 \
--port 8814 \
--path /fortigate-mcp \
--config config/config.json
Run with Docker
# Build and start
docker-compose up -d
# View logs
docker-compose logs -f fortigate-mcp-server
๐ง Cursor MCP Integration
1. Cursor MCP Configuration
Edit ~/.cursor/mcp_servers.json in Cursor:
Option 1: Command Connection
{
"mcpServers": {
"fortigate-mcp": {
"command": "python",
"args": [
"-m",
"src.fortigate_mcp.server_http",
"--host",
"0.0.0.0",
"--port",
"8814",
"--path",
"/fortigate-mcp",
"--config",
"/path/to/your/config.json"
],
"env": {
"FORTIGATE_MCP_CONFIG": "/path/to/your/config.json"
}
}
}
}
Option 2: URL Connection (Recommended)
{
"mcpServers": {
"FortiGateMCP": {
"url": "http://0.0.0.0:8814/fortigate-mcp/",
"transport": "http"
}
}
}
2. Using in Cursor
To use FortiGate MCP in Cursor:
- Start the server:
cd /media/workspace/fortigate-mcp-server
python -m src.fortigate_mcp.server_http --host 0.0.0.0 --port 8814 --path /fortigate-mcp --config config/config.json
- Restart Cursor
- Ensure MCP server is running
- Use FortiGate commands in Cursor
๐ API Commands
Device Management
list_devices- List registered devicesget_device_status- Get device statustest_device_connection- Test connectionadd_device- Add new deviceremove_device- Remove devicediscover_vdoms- Discover VDOMs
Firewall Management
list_firewall_policies- List firewall rulescreate_firewall_policy- Create new ruleupdate_firewall_policy- Update ruledelete_firewall_policy- Delete rule
Network Management
list_address_objects- List address objectscreate_address_object- Create address objectlist_service_objects- List service objectscreate_service_object- Create service object
Virtual IP Management
list_virtual_ips- List virtual IPscreate_virtual_ip- Create virtual IPupdate_virtual_ip- Update virtual IPget_virtual_ip_detail- Get virtual IP detaildelete_virtual_ip- Delete virtual IP
Routing Management
list_static_routes- List static routescreate_static_route- Create static routeupdate_static_route- Update static routedelete_static_route- Delete static routeget_static_route_detail- Get static route detailget_routing_table- Get routing tablelist_interfaces- List interfacesget_interface_status- Get interface status
System Commands
health- Health checktest_connection- Connection testget_schema_info- Schema information
๐งช Testing
Run Tests
# Run all unit tests (default)
python -m pytest
# Run with coverage
python -m pytest --cov=src --cov-report=html
# Run specific test categories
python -m pytest tests/test_device_manager.py
python -m pytest tests/test_fortigate_api.py
python -m pytest tests/test_tools.py
# Run integration tests (requires server running)
python integration_tests.py
# Run only unit tests (default)
python -m pytest tests/
# Run with verbose output
python -m pytest -v
# Run with detailed error information
python -m pytest --tb=long
Test Categories
- Unit Tests: Test individual components and functions
- Integration Tests: Test HTTP server functionality (requires server running)
- Coverage: Code coverage reporting with HTML output
HTTP Server Test
# Run test script
python test_http_server.py
Manual Testing
# Health check
curl -X POST http://localhost:8814/fortigate-mcp \
-H "Content-Type: application/json" \
-H "Accept: application/json, text/event-stream" \
-d '{"jsonrpc": "2.0", "id": 1, "method": "health", "params": {}}'
# List devices
curl -X POST http://localhost:8814/fortigate-mcp \
-H "Content-Type: application/json" \
-H "Accept: application/json, text/event-stream" \
-d '{"jsonrpc": "2.0", "id": 1, "method": "list_devices", "params": {}}'
๐ Project Structure
fortigate-mcp-server/
โโโ src/
โ โโโ fortigate_mcp/
โ โโโ __init__.py
โ โโโ server_http.py # HTTP MCP server
โ โโโ config/ # Configuration management
โ โโโ core/ # Core components
โ โโโ tools/ # MCP tools
โ โโโ formatting/ # Response formatting
โโโ config/
โ โโโ config.json # Main configuration
โ โโโ config.example.json # Example configuration
โโโ examples/
โ โโโ cursor_mcp_config.json # Cursor MCP config
โโโ logs/ # Log files
โโโ tests/ # Test files
โโโ docker-compose.yml # Docker compose
โโโ Dockerfile # Docker image
โโโ start_http_server.sh # Startup script
โโโ test_http_server.py # Test script
โโโ README.md # This file
๐ Troubleshooting
Common Issues
-
Connection Error
- Ensure FortiGate device is accessible
- Verify API token or username/password
- Use
verify_ssl: falsefor SSL certificate issues
-
Port Conflict
- Ensure port 8814 is available
- Change port using
--portparameter
-
Configuration Error
- Ensure
config.jsonis properly formatted - Check JSON syntax
- Ensure
-
Cursor MCP Connection Issue
- Ensure server is running
- Verify URL is correct
- Restart Cursor
Logs
Check logs using:
# HTTP server logs
tail -f logs/fortigate_mcp.log
# Docker logs
docker-compose logs -f fortigate-mcp-server
๐ Security
Recommendations
-
Use API Tokens
- Use API tokens instead of username/password
- Store tokens securely
-
SSL Certificate
- Use SSL certificates in production
- Set
verify_ssl: true
-
Network Security
- Run MCP server only on secure networks
- Restrict access with firewall rules
-
Rate Limiting
- Enable rate limiting
- Limit API calls
๐ค Contributing
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
๐ License
This project is licensed under the MIT License. See the LICENSE file for details.
๐ Acknowledgments
- FastMCP - For MCP HTTP transport
- FortiGate API - For FortiGate integration
- Cursor - For MCP support
๐ Support
For issues:
- Use the Issues page
- Check the documentation
- Review the logs
Note: This project has been tested with FortiGate devices. Please perform comprehensive testing before using in production.