Provides read-only access to Cisco Firepower Management Center (FMC), allowing users to query firewall configurations, search for network objects by IP, and monitor device deployment status.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Cisco FMC MCP ServerFind the network object associated with IP 10.1.10.50"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
MCP Server for Cisco FMC
A read-only Model Context Protocol (MCP) server for Cisco Firepower Management Center (FMC) 7.4.x.
This server allows LLMs like Claude to query your firewall configuration, search for network objects, and check deployment status—all through natural language.
Features
Read-Only Access: Safe exploration of FMC configuration without modification risk
Rate Limiting: Built-in token bucket rate limiter (120 req/min, 10 concurrent connections)
Automatic Token Refresh: Handles FMC's 30-minute token expiration and 3-refresh limit
Transparent Pagination: Automatically fetches all pages from large datasets
MCP Resources
Resource | Description |
| FMC server version and system information |
| List of all managed firewall devices |
| All network objects (IPs, subnets) |
| Devices with pending changes |
MCP Tools
Tool | Description |
| Find network objects containing a specific IP |
| Check if devices are in sync |
Installation
Prerequisites
Python 3.10+
uv (recommended) or pip
Access to a Cisco FMC 7.4.x instance
Using uv (Recommended)
Using pip
Configuration
Copy the example configuration:
Edit
.envwith your FMC credentials:
Configuration Options
Variable | Required | Default | Description |
| Yes | - | FMC hostname or IP |
| Yes | - | API username |
| Yes | - | API password |
| No |
| SSL certificate verification |
| No | auto | Domain UUID (auto-discovered) |
| No |
| Request timeout in seconds |
Usage
Running the Server
Testing Connection
Claude Desktop Integration
Add to your Claude Desktop configuration (claude_desktop_config.json):
Then restart Claude Desktop and try:
"What version is my FMC running?"
"List all firewall devices"
"Find the network object for IP 10.10.10.5"
"Are there any pending deployments?"
MCP Inspector Testing
Development
Running Tests
Code Quality
API Rate Limits
The FMC API has strict rate limits that this server respects:
Limit | Value | How We Handle It |
Requests per minute | 120 | Token bucket rate limiter |
Concurrent connections | 10 | Connection semaphore |
Token lifetime | 30 min | Auto-refresh on 401 |
Max token refreshes | 3 | Full re-authentication after 3 |
The server logs warnings when approaching rate limits:
WARNINGwhen token bucket drops below 20%ERRORon 429 (rate limited) responses
Security Notes
Read-Only: This server only performs GET requests
SSL: Disabled by default for lab environments; enable in production
Credentials: Store in
.env, never commit to version controlAPI User: Create a dedicated read-only API user in FMC
License
Apache 2.0