scm-mcp

Overview Schema Related Servers Score Discussions

Server Configuration

Describes the environment variables required to run the server.

Name	Required	Description
`SCM_TSG_ID`	Yes	Default Tenant Service Group ID
`SCM_CLIENT_ID`	Yes	OAuth2 client ID from the SCM service account
`SCM_TSG_<NAME>`	No	Named TSG alias — pass <NAME> as tsg_id to any tool
`SCM_CLIENT_SECRET`	Yes	OAuth2 client secret from the SCM service account

Capabilities

Features and capabilities supported by this server

Capability	Details
`tools`	{ "listChanged": false }
`prompts`	{ "listChanged": false }
`resources`	{ "subscribe": false, "listChanged": false }
`experimental`	{}

Tools

Functions exposed to the LLM to take actions

Name	Description
scm_list_foldersB	List all folders in Strata Cloud Manager. Returns a list of folder objects. Folders form the container hierarchy used to scope firewall configuration (policies, objects, etc.). Args: tsg_id: Optional TSG ID or named alias (e.g. 'PROD'). Defaults to SCM_TSG_ID.
scm_get_folderB	Get a single folder by its UUID. Args: folder_id: The UUID of the folder to retrieve. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_create_folderB	Create a new folder in Strata Cloud Manager. Args: name: Unique name for the folder. parent: Name of the parent folder (e.g. 'All', 'Texas'). description: Optional human-readable description. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_update_folderA	Update an existing folder. Fetch the folder first, modify the returned object, then pass it to this tool. At least one of name or description must be provided. Args: folder_id: UUID of the folder to update. name: New name for the folder (optional). description: New description (optional). tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_delete_folderA	Delete a folder by its UUID. WARNING: This is irreversible. Ensure the folder has no dependent configuration objects before deleting. Args: folder_id: UUID of the folder to delete. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_list_snippetsA	List all configuration snippets in Strata Cloud Manager. Snippets are reusable configuration elements that can be associated with folders or devices. They allow shared config to be applied to a subset of firewalls without full folder inheritance. Args: tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_get_snippetC	Get a single snippet by its UUID. Args: snippet_id: The UUID of the snippet to retrieve. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_create_snippetB	Create a new configuration snippet. Args: name: Unique name for the snippet. description: Optional human-readable description. labels: Optional list of label strings for categorization. enable_prefix: Whether to enable name prefixing (default False). tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_update_snippetB	Update an existing snippet's metadata. Args: snippet_id: UUID of the snippet to update. name: New name (optional). description: New description (optional). labels: New label list (optional — replaces existing labels). tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_delete_snippetA	Delete a snippet by its UUID. WARNING: This is irreversible. Disassociate the snippet from all folders and devices before deleting. Args: snippet_id: UUID of the snippet to delete. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_associate_snippet_to_folderB	Associate a snippet with a folder. Once associated, the snippet's configuration is applied to firewalls in that folder. Args: snippet_id: UUID of the snippet. folder_id: UUID of the folder to associate with. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_disassociate_snippet_from_folderC	Remove the association between a snippet and a folder. Args: snippet_id: UUID of the snippet. folder_id: UUID of the folder to disassociate from. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_list_addressesB	List address objects in a folder. Args: folder: Folder name to scope the query (e.g. 'All', 'Texas'). name: Optional filter by address name (exact match). tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_get_addressC	Get a single address object by UUID. Args: address_id: UUID of the address object. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_create_addressA	Create an address object. Exactly one of ip_netmask, ip_range, ip_wildcard, or fqdn must be provided. Args: name: Unique name for the address object. folder: Folder to create the object in (e.g. 'Texas'). ip_netmask: CIDR notation (e.g. '10.0.0.0/8' or '192.168.1.1/32'). ip_range: IP range (e.g. '10.0.0.1-10.0.0.10'). ip_wildcard: Wildcard mask (e.g. '10.20.1.0/0.0.248.255'). fqdn: Fully qualified domain name (e.g. 'example.com'). description: Optional description. tag: Optional list of tag names to apply. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_update_addressB	Update an existing address object. Args: address_id: UUID of the address object to update. name: New name (optional). ip_netmask: New CIDR (optional). ip_range: New IP range (optional). ip_wildcard: New wildcard mask (optional). fqdn: New FQDN (optional). description: New description (optional). tag: New tag list (optional — replaces existing tags). tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_delete_addressB	Delete an address object by UUID. Args: address_id: UUID of the address object to delete. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_list_address_groupsC	List address group objects in a folder. Args: folder: Folder name to scope the query. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_get_address_groupB	Get a single address group by UUID. Args: group_id: UUID of the address group. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_create_address_groupA	Create an address group. Provide either static (list of address object names) or dynamic_filter (a tag-based filter expression), not both. Args: name: Unique name for the address group. folder: Folder to create the group in. static: List of address object names for a static group. dynamic_filter: Tag-filter expression for a dynamic group (e.g. "'tag1' and 'tag2'"). description: Optional description. tag: Optional list of tag names to apply to the group itself. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_update_address_groupB	Update an existing address group. Args: group_id: UUID of the address group to update. name: New name (optional). static: New list of static addresses (optional). dynamic_filter: New dynamic filter expression (optional). description: New description (optional). tag: New tag list (optional). tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_delete_address_groupC	Delete an address group by UUID. Args: group_id: UUID of the address group to delete. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_list_servicesC	List service objects in a folder. Args: folder: Folder name to scope the query. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_get_serviceC	Get a single service object by UUID. Args: service_id: UUID of the service object. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_create_serviceB	Create a service object. Args: name: Unique name for the service. folder: Folder to create the service in. protocol: Transport protocol — 'tcp' or 'udp'. destination_port: Destination port(s), e.g. '80', '443', '8080-8090'. source_port: Optional source port(s). description: Optional description. tag: Optional list of tag names. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_update_serviceA	Update a service object's name, description, or tags. To change the protocol or port, delete and recreate the service. Args: service_id: UUID of the service object to update. name: New name (optional). description: New description (optional). tag: New tag list (optional). tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_delete_serviceC	Delete a service object by UUID. Args: service_id: UUID of the service object to delete. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_list_service_groupsC	List service group objects in a folder. Args: folder: Folder name to scope the query. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_get_service_groupC	Get a single service group by UUID. Args: group_id: UUID of the service group. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_create_service_groupC	Create a service group. Args: name: Unique name for the service group. folder: Folder to create the group in. members: List of service object names to include. tag: Optional list of tag names. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_update_service_groupB	Update a service group. Args: group_id: UUID of the service group to update. name: New name (optional). members: New members list (optional — replaces existing members). tag: New tag list (optional). tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_delete_service_groupB	Delete a service group by UUID. Args: group_id: UUID of the service group to delete. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_list_tagsC	List tags in a folder. Args: folder: Folder name to scope the query. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_get_tagC	Get a single tag by UUID. Args: tag_id: UUID of the tag. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_create_tagB	Create a tag. Args: name: Unique name for the tag. folder: Folder to create the tag in. color: Optional color name (e.g. 'Red', 'Blue', 'Green'). comments: Optional description/comments. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_update_tagC	Update an existing tag. Args: tag_id: UUID of the tag to update. name: New name (optional). color: New color (optional). comments: New comments (optional). tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_delete_tagC	Delete a tag by UUID. Args: tag_id: UUID of the tag to delete. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_list_log_forwarding_profilesA	List log forwarding profiles in a folder. Log forwarding profiles define where firewall logs (traffic, threat, etc.) are sent — e.g. to Panorama, syslog, or HTTP servers. Args: folder: Folder name to scope the query. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_get_log_forwarding_profileC	Get a single log forwarding profile by UUID. Args: profile_id: UUID of the log forwarding profile. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_create_log_forwarding_profileB	Create a log forwarding profile. Args: name: Unique name for the profile. folder: Folder to create the profile in. description: Optional description. enhanced_logging: Enable enhanced application logging (default False). match_list: Optional list of match list entries defining log destinations. Each entry is a dict with keys like: name, log_type, filter, send_syslog, send_http, send_email. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_delete_log_forwarding_profileB	Delete a log forwarding profile by UUID. Args: profile_id: UUID of the log forwarding profile to delete. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_list_http_server_profilesC	List HTTP server profiles in a folder. HTTP server profiles define HTTP endpoints that receive log data from log forwarding profiles. Args: folder: Folder name to scope the query. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_get_http_server_profileC	Get a single HTTP server profile by UUID. Args: profile_id: UUID of the HTTP server profile. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_create_http_server_profileB	Create an HTTP server profile. Args: name: Unique name for the profile. folder: Folder to create the profile in. server: List of server definitions. Each dict requires: name, address, protocol ('HTTP' or 'HTTPS'), port (default 443), and optionally http_method ('POST' or 'PUT'), tls_version, certificate_profile. description: Optional description. tag_registration: Enable tag registration via HTTP (default False). tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_delete_http_server_profileB	Delete an HTTP server profile by UUID. Args: profile_id: UUID of the HTTP server profile to delete. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_list_syslog_server_profilesC	List syslog server profiles in a folder. Syslog server profiles define syslog endpoints for log forwarding. Args: folder: Folder name to scope the query. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_get_syslog_server_profileB	Get a single syslog server profile by UUID. Args: profile_id: UUID of the syslog server profile. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_create_syslog_server_profileB	Create a syslog server profile. Args: name: Unique name for the profile. folder: Folder to create the profile in. server: List of syslog server definitions. Each dict requires: name, server (hostname/IP), and optionally transport ('UDP', 'TCP', 'SSL'), port (default 514), format ('BSD' or 'IETF'), facility. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_delete_syslog_server_profileB	Delete a syslog server profile by UUID. Args: profile_id: UUID of the syslog server profile to delete. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_list_applicationsC	List application objects in a folder. Applications are the building blocks of application-based security policy. This returns both predefined and custom application objects. Args: folder: Folder name to scope the query (e.g. 'All', 'Predefined'). tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_get_applicationC	Get a single application object by UUID. Args: app_id: UUID of the application object. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_create_applicationB	Create a custom application object. Args: name: Unique name for the application. folder: Folder to create the application in. category: Application category (e.g. 'business-systems', 'collaboration'). subcategory: Application subcategory (e.g. 'database', 'email'). technology: Underlying technology (e.g. 'client-server', 'peer-to-peer'). risk: Risk level 1-5 (1=low, 5=critical). description: Optional description. ports: Optional list of port/protocol entries (e.g. ['tcp/80', 'udp/53']). evasive: Application uses evasion techniques (default False). pervasive: Application is widely used (default False). excessive_bandwidth: Consumes excessive bandwidth (default False). used_by_malware: Known to be used by malware (default False). transfers_files: Capable of file transfer (default False). has_known_vulnerabilities: Has known CVEs (default False). tunnels_other_apps: Can tunnel other applications (default False). prone_to_misuse: Prone to misuse (default False). tag: Optional list of tag names. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_update_applicationB	Update a custom application object. Args: app_id: UUID of the application to update. name: New name (optional). description: New description (optional). risk: New risk level 1-5 (optional). ports: New port list (optional — replaces existing). tag: New tag list (optional). tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_delete_applicationC	Delete a custom application object by UUID. Args: app_id: UUID of the application to delete. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_list_application_groupsC	List application group objects in a folder. Application groups bundle multiple applications for use in security policy. Args: folder: Folder name to scope the query. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_get_application_groupC	Get a single application group by UUID. Args: group_id: UUID of the application group. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_create_application_groupB	Create an application group. Args: name: Unique name for the application group. folder: Folder to create the group in. members: List of application names to include. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_update_application_groupB	Update an application group. Args: group_id: UUID of the application group to update. name: New name (optional). members: New members list (optional — replaces existing). tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_delete_application_groupC	Delete an application group by UUID. Args: group_id: UUID of the application group to delete. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_list_application_filtersB	List application filter objects in a folder. Application filters dynamically match applications based on attributes (category, subcategory, technology, risk) for use in security policy. Args: folder: Folder name to scope the query. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_get_application_filterB	Get a single application filter by UUID. Args: filter_id: UUID of the application filter. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_create_application_filterA	Create an application filter. Filters match applications dynamically by their attributes. At least one filter criterion should be specified. Args: name: Unique name for the filter. folder: Folder to create the filter in. category: Match applications in these categories (optional). subcategory: Match applications in these subcategories (optional). technology: Match applications using these technologies (optional). risk: Match applications with these risk levels 1-5 (optional). evasive: Match evasive applications (optional). used_by_malware: Match applications used by malware (optional). transfers_files: Match applications that transfer files (optional). has_known_vulnerabilities: Match apps with known CVEs (optional). tunnels_other_apps: Match apps that tunnel other apps (optional). tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_delete_application_filterB	Delete an application filter by UUID. Args: filter_id: UUID of the application filter to delete. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_list_schedulesC	List schedule objects in a folder. Schedules define time windows for use in security policy — recurring (weekly) or non-recurring (one-time) time ranges. Args: folder: Folder name to scope the query. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_get_scheduleC	Get a single schedule object by UUID. Args: schedule_id: UUID of the schedule object. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_create_scheduleB	Create a schedule object. Args: name: Unique name for the schedule. folder: Folder to create the schedule in. schedule_type: Schedule definition dict. For recurring weekly schedule: {'recurring': {'weekly': {'monday': ['09:00-17:00'], 'tuesday': ['09:00-17:00']}}}. For non-recurring (one-time) schedule: {'non_recurring': ['2026-01-01T09:00:00/2026-01-01T17:00:00']}. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_update_scheduleB	Update an existing schedule object. Args: schedule_id: UUID of the schedule to update. name: New name (optional). schedule_type: New schedule definition dict (optional). tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_delete_scheduleB	Delete a schedule object by UUID. Args: schedule_id: UUID of the schedule to delete. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_list_external_dynamic_listsA	List external dynamic lists (EDLs) in a folder. EDLs are feeds of IP addresses, URLs, or domains pulled from external sources (HTTP/HTTPS) and used in security policy. Args: folder: Folder name to scope the query. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_get_external_dynamic_listA	Get a single external dynamic list by UUID. Args: edl_id: UUID of the external dynamic list. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_create_external_dynamic_listA	Create an external dynamic list. Args: name: Unique name for the EDL. folder: Folder to create the EDL in. list_type: Type and source configuration dict. For an IP list: {'ip': {'url': 'https://feeds.example.com/blocklist.txt', 'recurring': {'daily': {'at': '01:00'}}}}. For a URL list: {'url': {'url': '...', 'recurring': {...}}}. For a domain list: {'domain': {'url': '...', 'recurring': {...}}}. The 'recurring' key controls fetch frequency: {'five_minute': {}}, {'hourly': {}}, {'daily': {'at': 'HH:MM'}}, {'weekly': {'day_of_week': 'monday', 'at': 'HH:MM'}}. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_update_external_dynamic_listC	Update an existing external dynamic list. Args: edl_id: UUID of the EDL to update. name: New name (optional). list_type: New type/source configuration dict (optional). tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_delete_external_dynamic_listB	Delete an external dynamic list by UUID. Args: edl_id: UUID of the EDL to delete. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_list_security_rulesB	List security policy rules in a folder. Args: folder: Folder name to scope the query (e.g. 'All', 'Texas'). rulebase: Which rulebase to query — 'pre' (default) or 'post'. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_get_security_ruleA	Get a single security rule by UUID. Args: rule_id: UUID of the security rule. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_create_security_ruleB	Create a security policy rule. Args: name: Unique name for the rule. folder: Folder to create the rule in. action: Rule action — 'allow' or 'deny'. source_zone: List of source zone names (e.g. ['trust', 'any']). destination_zone: List of destination zone names. source: List of source address objects/groups (default ['any']). destination: List of destination address objects/groups (default ['any']). application: List of application names (default ['any']). service: List of service names (default ['application-default']). profile_setting: Optional security profile group dict, e.g. {'group': ['best-practice']}. log_setting: Optional log forwarding profile name. description: Optional description. tag: Optional list of tag names. disabled: Whether the rule is disabled (default False). rulebase: Which rulebase to add the rule to — 'pre' (default) or 'post'. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_update_security_ruleB	Update an existing security rule. Args: rule_id: UUID of the security rule to update. name: New name (optional). action: New action — 'allow' or 'deny' (optional). source_zone: New source zones (optional). destination_zone: New destination zones (optional). source: New source addresses (optional). destination: New destination addresses (optional). application: New applications (optional). service: New services (optional). profile_setting: New profile setting dict (optional). log_setting: New log forwarding profile (optional). description: New description (optional). tag: New tag list (optional). disabled: New disabled state (optional). tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_delete_security_ruleC	Delete a security rule by UUID. Args: rule_id: UUID of the security rule to delete. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_move_security_ruleB	Move a security rule to a different position in the rulebase. Args: rule_id: UUID of the rule to move. destination: Where to move the rule — 'top', 'bottom', 'before', or 'after'. folder: Folder context for the move operation. destination_rule: UUID of the pivot rule (required when destination is 'before' or 'after'). tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_list_security_zonesC	List security zones in a folder. Args: folder: Folder name to scope the query. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_get_security_zoneB	Get a single security zone by UUID. Args: zone_id: UUID of the security zone. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_create_security_zoneB	Create a security zone. Args: name: Unique name for the zone. folder: Folder to create the zone in. enable_user_id: Enable User-ID for this zone (default False). dos_profile: Optional DoS protection profile name. dos_log_setting: Optional DoS log forwarding profile name. network_layer3: Optional list of Layer 3 interface names to add. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_update_security_zoneB	Update an existing security zone. Args: zone_id: UUID of the security zone to update. name: New name (optional). enable_user_id: New User-ID enabled state (optional). dos_profile: New DoS protection profile name (optional). network_layer3: New list of Layer 3 interfaces (optional). tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_delete_security_zoneB	Delete a security zone by UUID. Args: zone_id: UUID of the security zone to delete. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_list_decryption_rulesB	List decryption policy rules in a folder. Decryption rules control SSL/TLS traffic inspection — which sessions are decrypted, forwarded, or excluded from decryption. Args: folder: Folder name to scope the query. rulebase: Which rulebase — 'pre' (default) or 'post'. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_get_decryption_ruleC	Get a single decryption rule by UUID. Args: rule_id: UUID of the decryption rule. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_create_decryption_ruleB	Create a decryption policy rule. Args: name: Unique name for the rule. folder: Folder to create the rule in. action: Decryption action — 'decrypt', 'no-decrypt'. source_zone: List of source zone names. destination_zone: List of destination zone names. source: Source address objects/groups (default ['any']). destination: Destination address objects/groups (default ['any']). service: List of service names (default ['any']). profile: Decryption profile name to apply (optional). description: Optional description. tag: Optional list of tag names. disabled: Whether the rule is disabled (default False). rulebase: Rulebase — 'pre' (default) or 'post'. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_update_decryption_ruleB	Update an existing decryption rule. Args: rule_id: UUID of the decryption rule to update. name: New name (optional). action: New action (optional). source_zone: New source zones (optional). destination_zone: New destination zones (optional). source: New source addresses (optional). destination: New destination addresses (optional). service: New services (optional). profile: New decryption profile (optional). description: New description (optional). tag: New tag list (optional). disabled: New disabled state (optional). tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_delete_decryption_ruleB	Delete a decryption rule by UUID. Args: rule_id: UUID of the decryption rule to delete. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_list_authentication_rulesB	List authentication policy rules in a folder. Authentication rules enforce user identity verification before allowing access — typically used with Captive Portal or MFA. Args: folder: Folder name to scope the query. rulebase: Which rulebase — 'pre' (default) or 'post'. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_get_authentication_ruleC	Get a single authentication rule by UUID. Args: rule_id: UUID of the authentication rule. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_create_authentication_ruleB	Create an authentication policy rule. Args: name: Unique name for the rule. folder: Folder to create the rule in. source_zone: List of source zone names. destination_zone: List of destination zone names. authentication_enforcement: Authentication enforcement profile name. source: Source address objects/groups (default ['any']). destination: Destination address objects/groups (default ['any']). source_user: Source user/group names (default ['any']). description: Optional description. tag: Optional list of tag names. disabled: Whether the rule is disabled (default False). rulebase: Rulebase — 'pre' (default) or 'post'. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_update_authentication_ruleB	Update an existing authentication rule. Args: rule_id: UUID of the authentication rule to update. name: New name (optional). source_zone: New source zones (optional). destination_zone: New destination zones (optional). authentication_enforcement: New enforcement profile (optional). source: New source addresses (optional). destination: New destination addresses (optional). source_user: New source users/groups (optional). description: New description (optional). tag: New tag list (optional). disabled: New disabled state (optional). tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_delete_authentication_ruleB	Delete an authentication rule by UUID. Args: rule_id: UUID of the authentication rule to delete. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_list_nat_rulesB	List NAT rules in a folder. Args: folder: Folder name to scope the query. position: Rule position — 'pre' (default) or 'post'. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_get_nat_ruleB	Get a single NAT rule by UUID. Args: rule_id: UUID of the NAT rule. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_create_nat_ruleB	Create a NAT rule. Args: name: Unique name for the NAT rule. folder: Folder to create the rule in. nat_type: NAT type — 'ipv4' (most common), 'nat64', or 'nptv6'. source_zone: List of source zone names. destination_zone: List of destination zone names. source: Source address objects/groups (default ['any']). destination: Destination address objects/groups (default ['any']). service: Service name (default 'any'). source_translation: Dict describing source NAT, e.g. {'dynamic_ip_and_port': {'interface_address': {'interface': 'ethernet1/1'}}}. destination_translation: Dict describing destination NAT (DNAT/port forwarding), e.g. {'translated_address': '10.0.0.5', 'translated_port': 8080}. description: Optional description. tag: Optional list of tag names. disabled: Whether the rule is disabled (default False). tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_update_nat_ruleB	Update an existing NAT rule. Args: rule_id: UUID of the NAT rule to update. name: New name (optional). source_zone: New source zones (optional). destination_zone: New destination zones (optional). source: New source addresses (optional). destination: New destination addresses (optional). service: New service (optional). source_translation: New source translation config (optional). destination_translation: New destination translation config (optional). description: New description (optional). tag: New tag list (optional). disabled: New disabled state (optional). tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_delete_nat_ruleB	Delete a NAT rule by UUID. Args: rule_id: UUID of the NAT rule to delete. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.
scm_list_pbf_rulesA	List policy-based forwarding (PBF) rules in a folder. PBF rules override routing table decisions — useful for directing specific traffic through a different egress interface or next-hop. Args: folder: Folder name to scope the query. rulebase: Which rulebase — 'pre' (default) or 'post'. tsg_id: Optional TSG ID or named alias. Defaults to SCM_TSG_ID.

Prompts

Interactive templates invoked by user choice

Name	Description
No prompts

Resources

Contextual data attached and managed by the client

Name	Description
No resources

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/ReverseThrottle/scm-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server