BarracudaCGF-MCP

LanceHardwoodXXX/BarracudaCGF-MCP

3.2

If you are the rightful owner of BarracudaCGF-MCP and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to henry@mcphub.com.

A Model Context Protocol (MCP) server for managing Barracuda CloudGen Firewalls through their REST API.

Tools
5
Resources
0
Prompts
0

Barracuda CloudGen Firewall MCP Server

MCP Version Python Version Docker

A Model Context Protocol (MCP) server for managing Barracuda CloudGen Firewalls through their REST API. This server enables Claude Desktop and other MCP clients to interact with policy-driven Barracuda CloudGen Firewalls.

๐ŸŽฏ Features

  • System Monitoring: Real-time health status and system metrics
  • Service Management: List and monitor firewall services
  • Network Objects: View and filter configured network objects
  • Service Objects: Browse and search service definitions
  • Policy Status: Check policy-driven configuration status

โš ๏ธ Important Note

This server is optimized for policy-driven Barracuda CloudGen Firewalls. Direct rule manipulation is not available via API in policy-driven mode. Rules must be managed through the Barracuda Control Center.

๐Ÿ“‹ Prerequisites

  • Python 3.11+
  • Docker (optional)
  • Barracuda CloudGen Firewall with REST API enabled
  • API Token for authentication
  • Claude Desktop (for MCP integration)

๐Ÿš€ Quick Start

Option 1: Docker (Recommended)

  1. Clone the repository
git clone https://github.com/yourusername/barracuda-cgf-mcp.git
cd barracuda-cgf-mcp
  1. Set environment variables
cp .env.example .env
# Edit .env with your firewall details
  1. Build and run with Docker
docker build -t barracuda-mcp .
docker run -it --rm \
  -e BARRACUDA_HOST=http://your-firewall:8080 \
  -e BARRACUDA_API_TOKEN=your-token \
  barracuda-mcp

Option 2: Python

  1. Install dependencies
pip install -r requirements.txt
  1. Set environment variables
export BARRACUDA_HOST="http://your-firewall:8080"
export BARRACUDA_API_TOKEN="your-api-token"
  1. Run the server
python barracuda_server.py

๐Ÿ”ง Configuration

Environment Variables

VariableDescriptionExample
BARRACUDA_HOSTFirewall URL with protocol and porthttp://192.168.1.1:8080
BARRACUDA_API_TOKENAPI authentication tokengCk1Q0dEAsxZ21c91ulzLK0Q66e041VM

Claude Desktop Integration

Add to your Claude Desktop configuration:

Windows (%APPDATA%\Claude\claude_desktop_config.json):

{
  "mcpServers": {
    "barracuda-cgf": {
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "--name", "barracuda-mcp",
        "-e", "BARRACUDA_HOST=http://your-firewall:8080",
        "-e", "BARRACUDA_API_TOKEN=your-token",
        "barracuda-mcp:latest"
      ]
    }
  }
}

macOS/Linux (~/.config/Claude/claude_desktop_config.json):

{
  "mcpServers": {
    "barracuda-cgf": {
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "--name", "barracuda-mcp",
        "-e", "BARRACUDA_HOST=http://your-firewall:8080",
        "-e", "BARRACUDA_API_TOKEN=your-token",
        "barracuda-mcp:latest"
      ]
    }
  }
}

๐Ÿ“ฆ Docker Compose

For production deployments:

docker-compose up -d

๐Ÿ› ๏ธ Available Tools

get_system_status

Returns comprehensive system health information including:

  • Server, process, and disk states
  • Network and system status
  • Security and operative event states
  • License information

list_services

Lists all running firewall services, categorized by:

  • Core services (boxfw, control, restd)
  • Logging services
  • Monitoring services

list_network_objects

Displays configured network objects with optional filtering:

  • LAN/DMZ networks
  • VPN configurations
  • System networks
  • Custom objects

list_service_objects

Shows service definitions with categorization:

  • Web services (HTTP/HTTPS)
  • Email services
  • Remote access
  • VPN services
  • Custom services

check_policy_status

Verifies if the firewall uses policy-driven configuration.

๐Ÿ“ Usage Examples

In Claude Desktop, after integration:

  • "Show me the firewall system status"
  • "List all network objects"
  • "What services are running on the firewall?"
  • "Filter network objects containing 'VPN'"
  • "Check if the firewall uses policy-based rules"

๐Ÿงช Testing

Test Connection

curl -H "X-API-Token: your-token" \
     -H "Accept: application/json" \
     "http://your-firewall:8080/rest/control/v1/box?envelope=false"

Run Tests

python -m pytest tests/

๐Ÿ› Troubleshooting

Common Issues

IssueSolution
Connection refusedVerify firewall URL and port
401 UnauthorizedCheck API token validity
409 Conflict on rulesNormal for policy-driven firewalls
Docker container exitsCheck logs: docker logs barracuda-mcp

Debug Mode

Enable debug logging by setting:

export LOG_LEVEL=DEBUG

๐Ÿ”’ Security

  • API tokens are never logged
  • Uses HTTPS when configured
  • Runs as non-root user in Docker
  • Read-only filesystem in container
  • Memory limited to 256MB

๐Ÿค Contributing

  1. Fork the repository
  2. Create a feature branch (git checkout -b feature/AmazingFeature)
  3. Commit your changes (git commit -m 'Add some AmazingFeature')
  4. Push to the branch (git push origin feature/AmazingFeature)
  5. Open a Pull Request

๐Ÿ“„ License

This project is licensed under the MIT License - see the file for details.

๐Ÿ™ Acknowledgments

๐Ÿ“ž Support

โšก Limitations

Due to policy-driven configuration, the following operations are NOT available:

  • Direct firewall rule creation/modification
  • VPN tunnel configuration changes
  • Interface configuration
  • Routing table modifications
  • DHCP server configuration

These operations must be performed through the Barracuda Control Center or Web UI.

Note: This project is not affiliated with or endorsed by Barracuda Networks.