Which integrations are available for this server?

Provides tools for managing Fortinet FortiAppSec (WAF as a Service), including listing, creating, deleting, and retrieving WAF applications, as well as listing available WAF templates.

How do I use FortiAppSec MCP Server?

1. Click on "Install Server". 2. Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state. 3. In the chat, type @ followed by the MCP server name and your instructions, e.g., "@FortiAppSec MCP Server List all WAF applications" That's it! The server will respond to your query, and you can continue using it as needed. Here is a step-by-step guide with screenshots.

FortiAppSec MCP Server

by jmvigueras

Overview Schema Related Servers Score Discussions

Python

Hybrid

FortiAppSec MCP Server

MCP server for managing Fortinet FortiAppSec (WAF as a Service) via AI agents. Built with FastMCP, deployed as a container.

Tools

Tool	Description
`waf_list_applications`	List all WAF applications
`waf_get_application`	Get details of a specific WAF application
`waf_create_application`	Create a new WAF application
`waf_delete_application`	Delete a WAF application
`waf_list_templates`	List available WAF templates

Every tool accepts an optional appsec_api_key parameter. If not provided, the server reads from the FORTINET_APPSEC_API_KEY environment variable. Per-call parameter overrides the environment variable.

Related MCP server: guardrails-mcp-server

Connect from Claude Desktop

Add to your Claude Desktop config (~/Library/Application Support/Claude/claude_desktop_config.json on macOS):

{
  "mcpServers": {
    "fortiappsec": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-remote",
        "https://mcp-fortiappsec.fortidemoscloud.com/mcp"
      ]
    }
  }
}

Connect from Gemini CLI

Add to your Gemini settings (~/.gemini/settings.json):

{
  "mcpServers": {
    "fortiappsec": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-remote",
        "https://mcp-fortiappsec.fortidemoscloud.com/mcp"
      ]
    }
  }
}

Connect from Kiro / VS Code

Add to .kiro/settings/mcp.json or equivalent:

{
  "mcpServers": {
    "fortiappsec": {
      "url": "https://mcp-fortiappsec.fortidemoscloud.com/mcp"
    }
  }
}

Test with curl

# 1. Initialize session and capture Mcp-Session-Id from headers
export SESSION_ID=$(curl -s -i -X POST https://mcp-fortiappsec.fortidemoscloud.com/mcp \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2024-11-05","capabilities":{},"clientInfo":{"name":"test-curl","version":"1.0"}}}' \
  | grep -i "mcp-session-id" | awk '{print $2}' | tr -d '\r')

echo "Session ID: $SESSION_ID"

# 2. List tools using the captured Session ID
curl -s -X POST https://mcp-fortiappsec.fortidemoscloud.com/mcp \
  -H "Content-Type: application/json" \
  -H "Mcp-Session-Id: $SESSION_ID" \
  -d '{"jsonrpc":"2.0","id":2,"method":"tools/list","params":{}}'

# 3. Call a tool (list WAF applications)
curl -s -X POST https://mcp-fortiappsec.fortidemoscloud.com/mcp \
  -H "Content-Type: application/json" \
  -H "Mcp-Session-Id: $SESSION_ID" \
  -d '{"jsonrpc":"2.0","id":3,"method":"tools/call","params":{"name":"waf_list_applications","arguments":{"appsec_api_key":"YOUR_API_KEY"}}}'

Run locally

# Docker (with API key from environment)
export FORTINET_APPSEC_API_KEY="your_api_key_here"
docker-compose up --build -d

# Or directly
uv sync
FORTINET_APPSEC_API_KEY="your_api_key_here" uv run uvicorn app.server:app --host 0.0.0.0 --port 8000

Server available at http://localhost:8000/mcp with health check at /health.

Deploy to Kubernetes

kubectl apply -f k8s-deployment.yaml

Exposes on NodePort 30082. Image: jviguerasfortinet/mcp-fortiappsec-server:v1.0.0

Tool Parameters

waf_create_application

Parameter	Required	Default	Description
`app_name`	Yes	—	Application name
`domain_name`	Yes	—	Primary domain name
`server_address`	Yes	—	Backend server address
`appsec_api_key`	No	""	FortiAppSec API key (uses env var if not provided)
`server_port`	No	80	Backend server port
`extra_domains`	No	""	Additional domains (comma-separated)
`custom_port_http`	No	80	HTTP listening port
`custom_port_https`	No	443	HTTPS listening port
`cdn_status`	No	0	CDN status (0=disabled, 1=enabled)
`region`	No	eu-west-1	Cloud region
`platform`	No	AWS	Platform type
`block_mode`	No	1	Block mode (0=monitor, 1=block)
`service`	No	http,https	Services (comma-separated)
`server_type`	No	http	Server type
`server_country`	No	Ireland	Server country
`template_id`	No	355e3ce6-...	Template ID

waf_list_applications / waf_list_templates

Parameter	Required	Description
`appsec_api_key`	No	FortiAppSec API key (uses `FORTINET_APPSEC_API_KEY` env var if not provided)

waf_get_application / waf_delete_application

Parameter	Required	Description
`app_id`	Yes	Application ID
`appsec_api_key`	No	FortiAppSec API key (uses `FORTINET_APPSEC_API_KEY` env var if not provided)

License

MIT

This server cannot be installed

license - permissive license

quality - not tested

maintenance

How are these scores calculated?

Maintenance

–Maintainers

–Response time

–Release cycle

–Releases (12mo)

Commit activity

Resources

GitHub Repository

Need Help?

Related Servers

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/jmvigueras/mcp-fortiappsec-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server