Which integrations are available for this server?

Provides comprehensive management of FortiGate devices including firewall policies, address and service objects, virtual IPs, static routes, interfaces, and VDOMs through the FortiGate API.

How do I use FortiGate MCP Server?

1. Click on "Install Server". 2. Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state. 3. In the chat, type @ followed by the MCP server name and your instructions, e.g., "@FortiGate MCP Server list firewall policies on the default device" That's it! The server will respond to your query, and you can continue using it as needed. Here is a step-by-step guide with screenshots.

FortiGate MCP Server

FortiGate MCP Server - A comprehensive Model Context Protocol (MCP) server for managing FortiGate devices. This project provides programmatic access to FortiGate devices and enables integration with MCP-compatible tools like Cursor.

🚀 Features

Device Management: Add, remove, and test connections to FortiGate devices
Firewall Management: List, create, update, and delete firewall rules
Network Management: Manage address and service objects
Routing Management: Manage static routes and interfaces
HTTP Transport: MCP protocol over HTTP using FastMCP
Docker Support: Easy installation and deployment
Cursor Integration: Full integration with Cursor IDE

📋 Requirements

Python 3.8+
Access to FortiGate device
API token or username/password

🛠️ Installation

1. Clone the Project

git clone <repository-url> cd fortigate-mcp-server

2. Install Dependencies

# Create virtual environment python -m venv .venv source .venv/bin/activate # Linux/Mac # or .venv\Scripts\activate # Windows # Install dependencies pip install -r requirements.txt

3. Configuration

Edit the config/config.json file:

{ "fortigate": { "devices": { "default": { "host": "192.168.1.1", "port": 443, "username": "admin", "password": "password", "api_token": "your-api-token", "vdom": "root", "verify_ssl": false, "timeout": 30 } } }, "logging": { "level": "INFO", "file": "./logs/fortigate_mcp.log" } }

🚀 Usage

Start HTTP Server

# Start with script ./start_http_server.sh # Or manually python -m src.fortigate_mcp.server_http \ --host 0.0.0.0 \ --port 8814 \ --path /fortigate-mcp \ --config config/config.json

Run with Docker

# Build and start docker-compose up -d # View logs docker-compose logs -f fortigate-mcp-server

🔧 Cursor MCP Integration

1. Cursor MCP Configuration

Edit ~/.cursor/mcp_servers.json in Cursor:

Option 1: Command Connection

{ "mcpServers": { "fortigate-mcp": { "command": "python", "args": [ "-m", "src.fortigate_mcp.server_http", "--host", "0.0.0.0", "--port", "8814", "--path", "/fortigate-mcp", "--config", "/path/to/your/config.json" ], "env": { "FORTIGATE_MCP_CONFIG": "/path/to/your/config.json" } } } }

Option 2: URL Connection (Recommended)

{ "mcpServers": { "FortiGateMCP": { "url": "http://0.0.0.0:8814/fortigate-mcp/", "transport": "http" } } }

2. Using in Cursor

To use FortiGate MCP in Cursor:

Start the server:

cd /media/workspace/fortigate-mcp-server python -m src.fortigate_mcp.server_http --host 0.0.0.0 --port 8814 --path /fortigate-mcp --config config/config.json

Restart Cursor
Ensure MCP server is running
Use FortiGate commands in Cursor

📚 API Commands

Device Management

list_devices - List registered devices
get_device_status - Get device status
test_device_connection - Test connection
add_device - Add new device
remove_device - Remove device
discover_vdoms - Discover VDOMs

Firewall Management

list_firewall_policies - List firewall rules
create_firewall_policy - Create new rule
update_firewall_policy - Update rule
delete_firewall_policy - Delete rule

Network Management

list_address_objects - List address objects
create_address_object - Create address object
list_service_objects - List service objects
create_service_object - Create service object

Virtual IP Management

list_virtual_ips - List virtual IPs
create_virtual_ip - Create virtual IP
update_virtual_ip - Update virtual IP
get_virtual_ip_detail - Get virtual IP detail
delete_virtual_ip - Delete virtual IP

Routing Management

list_static_routes - List static routes
create_static_route - Create static route
update_static_route - Update static route
delete_static_route - Delete static route
get_static_route_detail - Get static route detail
get_routing_table - Get routing table
list_interfaces - List interfaces
get_interface_status - Get interface status

System Commands

health - Health check
test_connection - Connection test
get_schema_info - Schema information

🧪 Testing

Run Tests

# Run all unit tests (default) python -m pytest # Run with coverage python -m pytest --cov=src --cov-report=html # Run specific test categories python -m pytest tests/test_device_manager.py python -m pytest tests/test_fortigate_api.py python -m pytest tests/test_tools.py # Run integration tests (requires server running) python integration_tests.py # Run only unit tests (default) python -m pytest tests/ # Run with verbose output python -m pytest -v # Run with detailed error information python -m pytest --tb=long

Test Categories

Unit Tests: Test individual components and functions
Integration Tests: Test HTTP server functionality (requires server running)
Coverage: Code coverage reporting with HTML output

HTTP Server Test

# Run test script python test_http_server.py

Manual Testing

# Health check curl -X POST http://localhost:8814/fortigate-mcp \ -H "Content-Type: application/json" \ -H "Accept: application/json, text/event-stream" \ -d '{"jsonrpc": "2.0", "id": 1, "method": "health", "params": {}}' # List devices curl -X POST http://localhost:8814/fortigate-mcp \ -H "Content-Type: application/json" \ -H "Accept: application/json, text/event-stream" \ -d '{"jsonrpc": "2.0", "id": 1, "method": "list_devices", "params": {}}'

📁 Project Structure

fortigate-mcp-server/ ├── src/ │ └── fortigate_mcp/ │ ├── __init__.py │ ├── server_http.py # HTTP MCP server │ ├── config/ # Configuration management │ ├── core/ # Core components │ ├── tools/ # MCP tools │ └── formatting/ # Response formatting ├── config/ │ ├── config.json # Main configuration │ └── config.example.json # Example configuration ├── examples/ │ └── cursor_mcp_config.json # Cursor MCP config ├── logs/ # Log files ├── tests/ # Test files ├── docker-compose.yml # Docker compose ├── Dockerfile # Docker image ├── start_http_server.sh # Startup script ├── test_http_server.py # Test script └── README.md # This file

🔍 Troubleshooting

Common Issues

Connection Error
- Ensure FortiGate device is accessible
- Verify API token or username/password
- Use verify_ssl: false for SSL certificate issues
Port Conflict
- Ensure port 8814 is available
- Change port using --port parameter
Configuration Error
- Ensure config.json is properly formatted
- Check JSON syntax
Cursor MCP Connection Issue
- Ensure server is running
- Verify URL is correct
- Restart Cursor

Logs

Check logs using:

# HTTP server logs tail -f logs/fortigate_mcp.log # Docker logs docker-compose logs -f fortigate-mcp-server

🔒 Security

Recommendations

Use API Tokens
- Use API tokens instead of username/password
- Store tokens securely
SSL Certificate
- Use SSL certificates in production
- Set verify_ssl: true
Network Security
- Run MCP server only on secure networks
- Restrict access with firewall rules
Rate Limiting
- Enable rate limiting
- Limit API calls

🤝 Contributing

Fork the repository
Create a feature branch (git checkout -b feature/amazing-feature)
Commit your changes (git commit -m 'Add amazing feature')
Push to the branch (git push origin feature/amazing-feature)
Open a Pull Request

📄 License

This project is licensed under the MIT License. See the LICENSE file for details.

🙏 Acknowledgments

FastMCP - For MCP HTTP transport
FortiGate API - For FortiGate integration
Cursor - For MCP support

📞 Support

For issues:

Use the Issues page
Check the documentation
Review the logs

Note: This project has been tested with FortiGate devices. Please perform comprehensive testing before using in production.