Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| FIREWALLA_BOX_ID | Yes | Your Firewalla Box GID (Group ID) found in device settings | |
| FIREWALLA_MSP_ID | Yes | Your Firewalla MSP ID, which is the full domain (e.g., company123.firewalla.net) | |
| FIREWALLA_MSP_TOKEN | Yes | Your Firewalla MSP access token generated in API settings |
Schema
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| get_active_alarms | Retrieve current security alerts and alarms from Firewalla firewall |
| get_specific_alarm | Get detailed information for a specific Firewalla alarm |
| get_flow_data | Query network traffic flows from Firewalla firewall |
| get_device_status | Check online/offline status of devices on Firewalla network |
| get_network_rules | Retrieve firewall rules and conditions |
| pause_rule | Temporarily disable an active firewall rule for a specified duration |
| resume_rule | Resume a previously paused firewall rule, restoring it to active state |
| get_target_lists | Retrieve all target lists from Firewalla |
| get_specific_target_list | Retrieve a specific target list by ID |
| create_target_list | Create a new target list |
| update_target_list | Update an existing target list |
| delete_target_list | Delete a target list |
| search_flows | Search network flows with advanced query filters. Use this for: historical analysis, specific time ranges, complex filtering, or when you need more than 50 flows. Supports pagination, time-based queries (e.g., "ts:>1h" for last hour), and all flow fields including geographic filtering. For quick "what's happening now" snapshots, use get_recent_flow_activity instead. |
| search_alarms | Search alarms using full-text or field filters. Alarm types: 1=Security Activity, 2=Abnormal Upload, 3=Large Bandwidth Usage, 4=Monthly Data Plan, 5=New Device, 6=Device Back Online, 7=Device Offline, 8=Video Activity, 9=Gaming Activity, 10=Porn Activity, 11=VPN Activity, 12=VPN Connection Restored, 13=VPN Connection Error, 14=Open Port, 15=Internet Connectivity Update, 16=Large Upload. |
| search_rules | Search firewall rules by target, action or status. Supports all rule fields. |
| get_boxes | Retrieve list of Firewalla boxes |
| get_simple_statistics | Retrieve basic statistics overview |
| get_statistics_by_region | Retrieve statistics by region (top regions by blocked flows) |
| get_statistics_by_box | Get statistics for each Firewalla box (top boxes by blocked flows or security alarms) |
| get_recent_flow_activity | Get recent network flow activity snapshot (last 10-20 minutes). Returns up to 50 most recent flows for immediate analysis. CRITICAL: This is a quick snapshot tool only. Use this for: "what's happening right now?", current security threats, immediate network issues. DO NOT use for: historical analysis (use search_flows), getting more than 50 flows (use search_flows with limit), daily/weekly patterns (use search_flows with time queries like "ts:>24h"). For comprehensive analysis, always prefer search_flows. |
| get_flow_insights | Get category-based flow analysis including top content categories, bandwidth consumers, and blocked traffic. Ideal for answering questions like "what porn sites were accessed" or "what social media was used". Replaces time-based trends with actionable insights. |
| get_alarm_trends | Get historical alarm trend data (alarms generated per day) |
| get_rule_trends | Get historical rule trend data (rules created per day) |
| get_bandwidth_usage | Get top bandwidth consuming devices (convenience wrapper around get_device_status) |
| get_offline_devices | Get all offline devices (convenience wrapper around get_device_status) |
| search_devices | Search devices by name, IP, MAC or status (convenience wrapper with client-side filtering) |
| search_target_lists | Search target lists with client-side filtering (convenience wrapper around get_target_lists) |
| get_network_rules_summary | Get overview statistics and counts of network rules by category (convenience wrapper) |