SonicWall MCP Server

by gensecaihq

Professional SonicWall log analysis and threat detection via Model Context Protocol

🧪 Community Testing Needed

⚠️ IMPORTANT: This project needs community testing and validation!
👥 We need your help to test this with real SonicWall devices and environments.

  • 🔍 Test it with your SonicWall setup

  • 🐛 Report issues via GitHub Issues

  • 🔧 Fix bugs and submit PRs

  • 📝 Improve documentation based on real-world usage

  • 💡 Contribute features and enhancements

Your testing and contributions will help make this production-ready for everyone!

An MCP server that provides analysis of SonicWall firewall logs through natural language queries. It targets the MCP 2025-06-18 specification and supports both SonicOS 7.x and 8.x, with version-specific API endpoints and features. Note the testing notice above: the code has not yet been validated against production SonicWall deployments, so treat "production-ready" as the goal rather than the current state.


✨ Features

  • 🔍 Natural Language Log Analysis - Query firewall logs using conversational AI

  • 🛡️ Real-time Threat Detection - Threat correlation and behavioral analysis

  • 🌐 Complete SonicOS Support - Accurate API endpoints for both 7.x and 8.x versions

  • 🎯 Version-Aware Integration - Automatic endpoint resolution and feature detection

  • 🚀 Enterprise Ready - Production deployment with comprehensive security

  • 📊 Advanced Analytics - Network intelligence and security metrics

  • 🔒 MCP 2025-06-18 Compliant - Latest protocol revision over JSON-RPC 2.0

  • ⚡ High Performance - In-memory caching with TTL management

  • 🔐 Security First - Authentication, authorization, and audit logging

📋 Quick Start

Prerequisites

  • SonicWall Device running SonicOS 7.x or 8.x

  • API Access enabled on your SonicWall (MANAGE > System Setup > Appliance > SonicOS API)

  • A dedicated account for the server with the least privilege your SonicOS role setup allows; avoid handing it the primary admin credential

  • Docker & Docker Compose (recommended) or Node.js 20+

1. Get the Server

```bash
git clone https://github.com/gensecaihq/sonicwall-mcp-server.git
cd sonicwall-mcp-server
```

2. Configure Environment

```bash
# Copy example configuration
cp .env.example .env
# Edit with your SonicWall details
nano .env
```

Required configuration:

```bash
SONICWALL_HOST=192.168.1.1
SONICWALL_USERNAME=admin
SONICWALL_PASSWORD=your_password
SONICWALL_VERSION=7   # or 8 for SonicOS 8.x
```

The .env file holds a firewall credential in clear text: restrict it to the service user (chmod 600 .env) and keep it out of version control.

3. Start the Server

Using Docker (Recommended):

```bash
docker compose up -d
# or using npm script
npm run docker:up
```

Using Node.js:

```bash
npm install
npm run build
npm start
```

4. Verify Installation

```bash
# Check server health
curl http://localhost:3000/health
# Expected response:
# {"status":"healthy","protocol":"MCP/2025-06-18","version":"1.0.0"}
```

🔗 Connect to Claude

Add to your Claude Desktop configuration (claude_desktop_config.json):

```json
{
  "mcpServers": {
    "sonicwall": {
      "transport": "sse",
      "url": "http://localhost:3000/mcp/v1/sse"
    }
  }
}
```

This URL is plain HTTP on localhost, which is fine while the client and server share a host. If the server is reachable from other machines, set MCP_BEARER_TOKEN (see Advanced Configuration) and terminate TLS in front of it, since the SSE endpoint gives a caller read access to your firewall logs.

That's it! Start using SonicWall analysis in Claude:

"Show me blocked connections from the last hour"
"Find critical security threats from today"
"Analyze VPN authentication failures"

🎯 Latest Improvements

⚡ Enhanced SonicOS Support (v1.0.0)

  • Accurate API Endpoints: Complete endpoint mapping for both SonicOS 7.x (/api/sonicos) and 8.x (/api/sonicos/v8)

  • Version-Aware Features: Automatic detection and use of version-specific capabilities

  • Advanced Authentication: Session management with token refresh and error handling

  • Cloud Integration: Support for SonicOS 8.x cloud management and NSM integration

🛡️ Security & Compliance Enhancements

  • MCP Protocol Compliance: Full implementation of the 2025-06-18 revision (the version reported by /health) with JSON-RPC 2.0 support

  • Enhanced Error Handling: SonicWall-specific error codes with retry logic

  • Advanced Validation: JSON Schema validation using AJV

  • Security Hardening: Improved authentication flow with audit logging

🚀 Performance & Reliability

  • Intelligent Caching: TTL management with automatic cleanup

  • Endpoint Optimization: Version-specific timeout and rate limiting configurations

  • Connection Management: Improved retry logic and failover handling

  • Comprehensive Logging: Structured logging with performance metrics and debugging support

🛠️ Available Tools

analyze_logs

Natural language log analysis with intelligent insights

```text
// Example usage in Claude
"Show me suspicious network activity from external IPs in the last 2 hours"
"Find brute force attacks on SSH and RDP ports"
"Analyze malware detections and their source locations"
```
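
As an added example (not code from the sonicwall-mcp-server project), here is the kind of detection the "brute force attacks on SSH and RDP" prompt asks for, written as a small Node.js script: it tokenizes SonicWall-style key=value syslog lines, then flags any source with repeated refused connections to port 22 or 3389 inside a sliding time window. The log lines are constructed for this example (the sn/c/m values are placeholders), and the denial keywords, ports, window and threshold are assumptions you would tune to your own log categories.

```javascript
// Added example, not part of the sonicwall-mcp-server project.
// Parses SonicWall-style key=value syslog lines and flags SSH/RDP brute-force sources.

// CONSTRUCTED sample lines. The field layout follows SonicWall's enhanced syslog style
// (src=ip:port:iface, dst=ip:port:iface); the sn/c/m values are placeholders only.
const SAMPLE_LOGS = [
  'id=firewall sn=0017C5000001 time="2024-01-01 12:00:01 UTC" fw=203.0.113.1 pri=1 c=32 m=36 msg="TCP connection dropped" src=198.51.100.7:51001:X1 dst=203.0.113.1:22:X0 proto=tcp/ssh',
  'id=firewall sn=0017C5000001 time="2024-01-01 12:00:13 UTC" fw=203.0.113.1 pri=1 c=32 m=36 msg="TCP connection dropped" src=198.51.100.7:51002:X1 dst=203.0.113.1:22:X0 proto=tcp/ssh',
  'id=firewall sn=0017C5000001 time="2024-01-01 12:00:25 UTC" fw=203.0.113.1 pri=1 c=32 m=36 msg="TCP connection dropped" src=198.51.100.7:51003:X1 dst=203.0.113.1:22:X0 proto=tcp/ssh',
  'id=firewall sn=0017C5000001 time="2024-01-01 12:00:40 UTC" fw=203.0.113.1 pri=1 c=32 m=36 msg="TCP connection dropped" src=198.51.100.7:51004:X1 dst=203.0.113.1:22:X0 proto=tcp/ssh',
  'id=firewall sn=0017C5000001 time="2024-01-01 12:01:02 UTC" fw=203.0.113.1 pri=1 c=32 m=36 msg="TCP connection dropped" src=198.51.100.7:51005:X1 dst=203.0.113.1:22:X0 proto=tcp/ssh',
  'id=firewall sn=0017C5000001 time="2024-01-01 12:01:30 UTC" fw=203.0.113.1 pri=1 c=32 m=36 msg="TCP connection dropped" src=198.51.100.7:51006:X1 dst=203.0.113.1:22:X0 proto=tcp/ssh',
  'id=firewall sn=0017C5000001 time="2024-01-01 12:02:00 UTC" fw=203.0.113.1 pri=1 c=32 m=36 msg="Connection denied" src=198.51.100.9:40001:X1 dst=203.0.113.1:3389:X0 proto=tcp/3389',
  'id=firewall sn=0017C5000001 time="2024-01-01 12:02:05 UTC" fw=203.0.113.1 pri=1 c=32 m=36 msg="Connection denied" src=198.51.100.9:40002:X1 dst=203.0.113.1:3389:X0 proto=tcp/3389',
  'id=firewall sn=0017C5000001 time="2024-01-01 12:02:10 UTC" fw=203.0.113.1 pri=5 c=1024 m=38 msg="Connection Opened" src=192.0.2.10:55000:X0 dst=203.0.113.1:22:X1 proto=tcp/ssh',
  'id=firewall sn=0017C5000001 time="2024-01-01 12:02:15 UTC" fw=203.0.113.1 pri=1 c=32 m=36 msg="Connection denied" src=198.51.100.7:51007:X1 dst=203.0.113.1:443:X0 proto=tcp/https',
];

// Ports whose repeated refusals we treat as brute-force candidates (assumption).
const BRUTE_FORCE_PORTS = new Map([[22, "ssh"], [3389, "rdp"]]);
// Message keywords meaning the firewall refused the connection (assumption: tune to your categories).
const DENY_RE = /denied|dropped|blocked/i;
// key=value tokenizer: quoted values may contain spaces, bare values run to the next space.
const KV_RE = /(\w+)=(?:"([^"]*)"|(\S+))/g;

function parseSonicWallLine(line) {
  const fields = {};
  for (const m of line.matchAll(KV_RE)) fields[m[1]] = m[2] !== undefined ? m[2] : m[3];
  return fields;
}

// "ip:port:iface" -> { ip, port, iface }. IPv4 only: an IPv6 address would need a different split.
function splitEndpoint(value) {
  if (typeof value !== "string") return null;
  const [ip, port, iface] = value.split(":");
  if (!ip || !port) return null;
  return { ip, port: Number(port), iface: iface || null };
}

// "2024-01-01 12:00:01 UTC" -> epoch milliseconds; anything else yields NaN and is skipped.
function parseSonicWallTime(value) {
  if (typeof value !== "string" || !value.endsWith(" UTC")) return NaN;
  return Date.parse(value.slice(0, -4).replace(" ", "T") + "Z");
}

// Flags (source IP, destination port) pairs with >= threshold refused connections inside
// any windowSeconds-long sliding window. Defaults are assumptions chosen for the demo.
function detectBruteForce(lines, options = {}) {
  const windowMs = (options.windowSeconds ?? 300) * 1000;
  const threshold = options.threshold ?? 5;
  const attempts = new Map(); // "srcIp|dstPort" -> [epochMs, ...]

  for (const line of lines) {
    const f = parseSonicWallLine(line);
    const src = splitEndpoint(f.src);
    const dst = splitEndpoint(f.dst);
    if (!src || !dst || !BRUTE_FORCE_PORTS.has(dst.port)) continue;
    if (!DENY_RE.test(f.msg || "")) continue;
    const ts = parseSonicWallTime(f.time);
    if (Number.isNaN(ts)) continue;
    const key = `${src.ip}|${dst.port}`;
    if (!attempts.has(key)) attempts.set(key, []);
    attempts.get(key).push(ts);
  }

  const findings = [];
  for (const [key, stamps] of attempts) {
    stamps.sort((a, b) => a - b);
    let best = 0, bestStart = 0, lo = 0;
    for (let hi = 0; hi < stamps.length; hi++) {
      while (stamps[hi] - stamps[lo] > windowMs) lo++;
      if (hi - lo + 1 > best) { best = hi - lo + 1; bestStart = lo; }
    }
    if (best < threshold) continue;
    const [sourceIp, port] = key.split("|");
    findings.push({
      sourceIp,
      port: Number(port),
      service: BRUTE_FORCE_PORTS.get(Number(port)),
      attempts: best,
      firstSeen: new Date(stamps[bestStart]).toISOString(),
      lastSeen: new Date(stamps[bestStart + best - 1]).toISOString(),
    });
  }
  return findings.sort((a, b) => b.attempts - a.attempts);
}

console.log(JSON.stringify(detectBruteForce(SAMPLE_LOGS), null, 2));
```

On the sample, only 198.51.100.7 is reported (six dropped SSH connections in 89 seconds); the two denied RDP attempts from 198.51.100.9 stay below the threshold, the successful SSH session is ignored because it was not refused, and the denied HTTPS connection is ignored because 443 is not a tracked port.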

get_threats

Real-time threat monitoring and analysis

```json
// Get critical threats
{ "severity": "critical", "limit": 20 }
```

search_connections

Advanced connection search and investigation

```json
// Investigate specific IP
{ "sourceIp": "192.168.1.100", "hoursBack": 24, "limit": 500 }
```

get_stats

Network statistics and security metrics

```json
// Get top blocked IPs
{ "metric": "top_blocked_ips", "limit": 10 }
```

export_logs

Export filtered logs for compliance and analysis

```json
// Export security events as CSV
{
  "format": "csv",
  "filters": {
    "severity": ["critical", "high"],
    "startTime": "2024-01-01T00:00:00Z"
  }
}
```
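
A caveat for anyone producing CSV from firewall logs: fields such as URLs, user names and hostnames are attacker-influenced, and a value starting with =, +, -, @ (or a tab or carriage return) is evaluated as a formula when the file is opened in Excel or LibreOffice. The following is an added example, not the project's export_logs implementation: it applies the severity/startTime filter shape shown above to constructed sample events and writes RFC 4180 CSV with formula-triggering cells neutralized. The sample events and the column list are assumptions.

```javascript
// Added example, not part of the sonicwall-mcp-server project: apply export_logs-style
// filters to events and write CSV that is safe to open in a spreadsheet.

// CONSTRUCTED sample events. The "url" of the second event is the kind of attacker-
// controlled string a web-filter log can contain; written unescaped it would be
// evaluated as a formula by a spreadsheet application.
const SAMPLE_EVENTS = [
  { time: "2024-01-02T08:15:00Z", severity: "critical", src: "198.51.100.7", dst: "203.0.113.1", category: "IPS", message: "Brute force, SSH", url: "" },
  { time: "2024-01-02T09:00:00Z", severity: "high", src: "192.0.2.10", dst: "203.0.113.1", category: "CFS", message: "Web site access denied", url: '=HYPERLINK("https://example.invalid/p","open")' },
  { time: "2023-12-31T23:59:00Z", severity: "critical", src: "198.51.100.9", dst: "203.0.113.1", category: "IPS", message: 'Scan "probe"', url: "" },
  { time: "2024-01-02T10:00:00Z", severity: "low", src: "192.0.2.11", dst: "203.0.113.1", category: "Network", message: "Connection Opened", url: "" },
];

const EXPORT_COLUMNS = ["time", "severity", "src", "dst", "category", "message", "url"];
// Leading characters that make spreadsheet applications treat a cell as a formula.
const FORMULA_TRIGGERS = new Set(["=", "+", "-", "@", "\t", "\r"]);

function csvCell(value) {
  let s = value === null || value === undefined ? "" : String(value);
  // Neutralise formulas by prefixing a single quote. This also touches legitimate
  // values such as "-5"; for a log export that trade-off is acceptable.
  if (s.length > 0 && FORMULA_TRIGGERS.has(s[0])) s = "'" + s;
  // RFC 4180: wrap cells containing a quote, comma or line break; double embedded quotes.
  if (/[",\r\n]/.test(s)) s = '"' + s.replace(/"/g, '""') + '"';
  return s;
}

// Same filter shape as the export_logs example above: optional severity list, optional ISO startTime.
function filterEvents(events, filters = {}) {
  const severities = Array.isArray(filters.severity) ? new Set(filters.severity) : null;
  const start = filters.startTime ? Date.parse(filters.startTime) : -Infinity;
  if (Number.isNaN(start)) throw new Error("startTime must be an ISO 8601 timestamp");
  return events.filter((e) => (!severities || severities.has(e.severity)) && Date.parse(e.time) >= start);
}

function exportCsv(events, filters = {}, columns = EXPORT_COLUMNS) {
  const rows = filterEvents(events, filters).map((e) => columns.map((c) => csvCell(e[c])).join(","));
  return [columns.map(csvCell).join(","), ...rows].join("\r\n") + "\r\n";
}

process.stdout.write(exportCsv(SAMPLE_EVENTS, { severity: ["critical", "high"], startTime: "2024-01-01T00:00:00Z" }));
```

Quoting alone is not enough: a quoted cell that begins with = is still a formula to a spreadsheet, which is why the prefix is applied before the RFC 4180 quoting step.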

📖 Documentation

🏗️ Architecture

```text
┌─────────────┐    ┌─────────────────┐    ┌─────────────┐
│ Claude Code │◄──►│  MCP Server   │◄──►│  SonicWall  │
│             │SSE │  (Port 3000)  │API │   Device    │
└─────────────┘    └─────────────────┘    └─────────────┘
                           │
                           ▼
                   ┌─────────────────┐
                   │  Log Analysis   │
                   │ & Intelligence  │
                   └─────────────────┘
```

Key Components:

  • MCP Protocol Layer: MCP 2025-06-18 compliance with SSE transport

  • Enhanced API Client: Accurate SonicOS 7.x/8.x endpoints with session management

  • Intelligent Log Parser: Multi-format parsing with version-specific optimizations

  • Analysis Engine: Natural language processing and threat correlation

  • Performance Cache: In-memory caching with TTL management

  • Security Framework: Authentication and input validation

🔧 Configuration

Basic Configuration

```bash
# SonicWall Connection
SONICWALL_HOST=your.firewall.ip
SONICWALL_USERNAME=admin
SONICWALL_PASSWORD=secure_password
SONICWALL_VERSION=7

# Server Settings
PORT=3000
LOG_LEVEL=info
CACHE_TTL_SECONDS=300
```

Advanced Configuration

```bash
# Authentication (Optional)
MCP_BEARER_TOKEN=your_secret_token

# Performance Tuning
CACHE_MAX_SIZE=1000
API_TIMEOUT=30000
MAX_RETRIES=3

# Security
CORS_ORIGINS=https://claude.ai,https://localhost:3000
RATE_LIMIT_MAX=100
```
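
The following is an added example, not the project's own configuration loader. It takes the variables listed above with the defaults quoted in this section, validates them, resolves the version-specific API base path named in the Latest Improvements section (/api/sonicos for 7.x, /api/sonicos/v8 for 8.x), and returns a redacted copy that is safe to write to a log. The minimum token length, the CORS origin shape check and the warning about the admin account are this example's assumptions, not documented project behaviour.

```javascript
// Added example, not the project's own loader: validates the settings documented above
// and resolves the SonicOS API base path for the configured version. Base paths are the
// ones quoted on this page; the strength checks and warnings are assumptions of this example.

const API_BASE_BY_VERSION = { "7": "/api/sonicos", "8": "/api/sonicos/v8" };

// Parses an integer setting with a default and a lower bound, recording problems in `errors`.
function intSetting(raw, fallback, min, name, errors) {
  const value = raw === undefined || raw === "" ? fallback : Number(raw);
  if (!Number.isInteger(value) || value < min) errors.push(`${name} must be an integer >= ${min}`);
  return value;
}

function loadConfig(env) {
  const errors = [];
  const warnings = [];

  const host = (env.SONICWALL_HOST || "").trim();
  if (!host) errors.push("SONICWALL_HOST is required");
  else if (/^[a-z]+:\/\//i.test(host)) errors.push("SONICWALL_HOST must be a hostname or IP address, not a URL");

  const username = (env.SONICWALL_USERNAME || "").trim();
  const password = env.SONICWALL_PASSWORD || "";
  if (!username) errors.push("SONICWALL_USERNAME is required");
  if (!password) errors.push("SONICWALL_PASSWORD is required");
  if (username === "admin") warnings.push("SONICWALL_USERNAME is the built-in admin account; prefer a dedicated least-privileged API user");

  const version = String(env.SONICWALL_VERSION ?? "7").trim();
  if (!(version in API_BASE_BY_VERSION)) errors.push(`SONICWALL_VERSION must be 7 or 8, got "${version}"`);

  const port = intSetting(env.PORT, 3000, 1, "PORT", errors);
  if (port > 65535) errors.push("PORT must be at most 65535");
  const cacheTtlSeconds = intSetting(env.CACHE_TTL_SECONDS, 300, 1, "CACHE_TTL_SECONDS", errors);
  const apiTimeoutMs = intSetting(env.API_TIMEOUT, 30000, 1, "API_TIMEOUT", errors);
  const maxRetries = intSetting(env.MAX_RETRIES, 3, 0, "MAX_RETRIES", errors);
  const rateLimitMax = intSetting(env.RATE_LIMIT_MAX, 100, 1, "RATE_LIMIT_MAX", errors);

  const bearerToken = (env.MCP_BEARER_TOKEN || "").trim();
  if (!bearerToken) warnings.push("MCP_BEARER_TOKEN is unset: MCP clients will not be asked for a token");
  else if (bearerToken.length < 32) warnings.push("MCP_BEARER_TOKEN is short; use at least 32 random characters");

  const corsOrigins = (env.CORS_ORIGINS || "").split(",").map((s) => s.trim()).filter(Boolean);
  for (const origin of corsOrigins) {
    if (origin === "*") errors.push("CORS_ORIGINS must list explicit origins, not *");
    else if (!/^https?:\/\/[^/?#\s]+$/i.test(origin)) errors.push(`CORS_ORIGINS entry is not a bare scheme://host[:port] origin: ${origin}`);
  }

  if (errors.length > 0) throw new Error("invalid configuration:\n - " + errors.join("\n - "));

  return {
    host, username, password, version,
    apiBaseUrl: `https://${host}${API_BASE_BY_VERSION[version]}`,
    port, cacheTtlSeconds, apiTimeoutMs, maxRetries, rateLimitMax,
    bearerToken: bearerToken || null,
    corsOrigins,
    warnings,
  };
}

// A copy with secrets masked: the only form of the config that should ever reach a log line.
function redactConfig(config) {
  return { ...config, password: "***", bearerToken: config.bearerToken ? "***" : null };
}

// CONSTRUCTED environment mirroring the "Required configuration" block in Quick Start.
const SAMPLE_ENV = { SONICWALL_HOST: "192.168.1.1", SONICWALL_USERNAME: "admin", SONICWALL_PASSWORD: "your_password", SONICWALL_VERSION: "7" };
console.log(JSON.stringify(redactConfig(loadConfig(SAMPLE_ENV)), null, 2));
```

Run as-is it prints the resolved config with the password masked and two warnings (admin account in use, no bearer token), which is exactly the state the Quick Start leaves you in.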

🐳 Docker Deployment

Prerequisites

  • Docker Engine 24.0+ (latest stable)

  • Docker Compose V2 (integrated plugin, comes with Docker Desktop)

  • Note: the legacy docker-compose command is deprecated; use docker compose

Quick Start Commands

```bash
# Production deployment (detached mode)
docker compose up -d
# Development mode (with hot reload)
docker compose -f docker-compose.yml -f docker-compose.dev.yml up
# View logs
docker compose logs -f sonicwall-mcp
# Stop all services
docker compose down
# Rebuild and restart
docker compose up --build -d
```

NPM Script Shortcuts

```bash
# Production deployment
npm run docker:up
# Development with hot reload
npm run docker:dev
# View logs
npm run docker:logs
# Stop services
npm run docker:down
# Build image only
npm run docker:build
```

Environment Configuration

```bash
# Use environment file
cp .env.example .env
# Edit .env with your SonicWall details
docker compose up -d

# Or pass environment variables directly
SONICWALL_HOST=192.168.1.1 \
SONICWALL_USERNAME=admin \
SONICWALL_PASSWORD=your_password \
docker compose up -d
```

Passing SONICWALL_PASSWORD on the command line leaves it in your shell history; prefer the .env file with restricted permissions.

Docker Compose Files

  • docker-compose.yml - Production configuration

  • docker-compose.dev.yml - Development overrides

  • docker-compose.override.yml - Local customizations (optional)

🧪 Testing & Validation

Quick Health Check

```bash
# Server status
curl http://localhost:3000/health
# MCP endpoint test
curl -H "Accept: text/event-stream" http://localhost:3000/mcp/v1/sse
```

SonicWall Connectivity Test

```bash
# Test authentication
curl -k https://YOUR_SONICWALL/api/sonicos/auth \
  -H "Content-Type: application/json" \
  -d '{"user":"admin","password":"your_password"}'
```

Two caveats for this test. The -k flag disables certificate verification, so the credential goes to whatever answers at that address; use it only on a trusted lab network, or trust the firewall's certificate and drop the flag. The password also lands in your shell history and the process list, so read the body from a file (-d @auth.json) rather than typing it inline.

Run Test Suite

```bash
# All tests
npm test
# MCP compliance tests
npm run test:mcp
# SonicWall integration tests
npm run test:integration
```

🔒 Security

Security Features

  • ✅ Transport Security - HTTPS enforcement with CORS origin validation. Note that the quick start above reaches the server over plain HTTP on localhost; put TLS in front of it before exposing it beyond the host.

  • ✅ Authentication - Bearer token support with rate limiting (the token is only checked when MCP_BEARER_TOKEN is set, since it is optional)

  • ✅ Input Validation - JSON Schema validation using AJV with input sanitization

  • ✅ Container Security - Non-root user execution with read-only filesystem

  • ✅ Data Privacy - No sensitive data written to logs, with audit-compliant processing

  • ✅ MCP Compliance - Full protocol security implementation

  • ✅ API Security - SonicWall credential protection with secure session management

Security Checklist

  • Enable API access only from trusted networks

  • Use a dedicated, least-privileged SonicWall account for the server rather than the primary admin, with a strong password

  • Configure MCP_BEARER_TOKEN, and keep the server bound to localhost or behind TLS

  • Keep .env (it holds the firewall credential) out of version control and readable only by the service user

  • Monitor logs for unusual activity

  • Keep SonicWall firmware updated

  • Review firewall rules regularly

🚨 Common Issues

❌ "Authentication Failed"

Problem: Cannot connect to SonicWall API

```bash
# Check API is enabled
# SonicWall: MANAGE > System Setup > Appliance > SonicOS API ✓
# Test connectivity
ping YOUR_SONICWALL_HOST
curl -k https://YOUR_SONICWALL_HOST/api/sonicos/auth
```

❌ "No logs returned"

Problem: Empty responses from log queries

```bash
# Check log levels in SonicWall
# Log > Settings > Categories > Enable required log types
# Verify time synchronization
date
```

❌ "CORS Error in Browser"

Problem: Browser blocks MCP requests

```bash
# Add your domain to CORS_ORIGINS
CORS_ORIGINS=https://claude.ai,https://your-domain.com
```

📊 Monitoring & Observability

Health Monitoring

```bash
# Detailed health status
curl http://localhost:3000/health | jq
# Response includes:
# - Server uptime and status
# - SonicWall connectivity
# - Cache statistics
# - Memory usage
```

Performance Metrics

```bash
# View performance logs
docker compose logs sonicwall-mcp | grep "executed successfully"
# Example output:
# {"timestamp":"2024-01-01T12:00:00.000Z","level":"info","message":"Tool analyze_logs executed successfully","executionTime":245,"resultSize":15420}
```

Log Analysis

```bash
# Error monitoring
docker compose logs sonicwall-mcp | grep ERROR
# Performance tracking (the structured log field is executionTime, as in the example above)
docker compose logs sonicwall-mcp | grep executionTime
```

🤝 Contributing

We welcome contributions! Please read our Contributing Guidelines.

Development Setup

```bash
# Fork and clone
git clone https://github.com/your-username/sonicwall-mcp-server.git
cd sonicwall-mcp-server
# Install dependencies
npm install
# Start development server
npm run dev
# Run tests
npm test
# Submit PR
git checkout -b feature/amazing-feature
git commit -m "Add amazing feature"
git push origin feature/amazing-feature
```

📄 License

MIT License - see LICENSE file for details.

🔒 Built with security-first principles for enterprise cybersecurity teams
