Provides comprehensive management of FortiGate devices including firewall policies, address and service objects, virtual IPs, static routes, interfaces, and VDOMs through the FortiGate API.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@FortiGate MCP Serverlist firewall policies on the default device"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
FortiGate MCP Server
FortiGate MCP Server - A comprehensive Model Context Protocol (MCP) server for managing FortiGate devices. This project provides programmatic access to FortiGate devices and enables integration with MCP-compatible tools like Cursor.
π Features
Device Management: Add, remove, and test connections to FortiGate devices
Firewall Management: List, create, update, and delete firewall rules
Network Management: Manage address and service objects
Routing Management: Manage static routes and interfaces
HTTP Transport: MCP protocol over HTTP using FastMCP
Docker Support: Easy installation and deployment
Cursor Integration: Full integration with Cursor IDE
π Requirements
Python 3.8+
Access to FortiGate device
API token or username/password
π οΈ Installation
1. Clone the Project
git clone <repository-url>
cd fortigate-mcp-server2. Install Dependencies
# Create virtual environment
python -m venv .venv
source .venv/bin/activate # Linux/Mac
# or
.venv\Scripts\activate # Windows
# Install dependencies
pip install -r requirements.txt3. Configuration
Edit the config/config.json file:
{
"fortigate": {
"devices": {
"default": {
"host": "192.168.1.1",
"port": 443,
"username": "admin",
"password": "password",
"api_token": "your-api-token",
"vdom": "root",
"verify_ssl": false,
"timeout": 30
}
}
},
"logging": {
"level": "INFO",
"file": "./logs/fortigate_mcp.log"
}
}π Usage
Start HTTP Server
# Start with script
./start_http_server.sh
# Or manually
python -m src.fortigate_mcp.server_http \
--host 0.0.0.0 \
--port 8814 \
--path /fortigate-mcp \
--config config/config.jsonRun with Docker
# Build and start
docker-compose up -d
# View logs
docker-compose logs -f fortigate-mcp-serverπ§ Cursor MCP Integration
1. Cursor MCP Configuration
Edit ~/.cursor/mcp_servers.json in Cursor:
Option 1: Command Connection
{
"mcpServers": {
"fortigate-mcp": {
"command": "python",
"args": [
"-m",
"src.fortigate_mcp.server_http",
"--host",
"0.0.0.0",
"--port",
"8814",
"--path",
"/fortigate-mcp",
"--config",
"/path/to/your/config.json"
],
"env": {
"FORTIGATE_MCP_CONFIG": "/path/to/your/config.json"
}
}
}
}Option 2: URL Connection (Recommended)
{
"mcpServers": {
"FortiGateMCP": {
"url": "http://0.0.0.0:8814/fortigate-mcp/",
"transport": "http"
}
}
}2. Using in Cursor
To use FortiGate MCP in Cursor:
Start the server:
cd /media/workspace/fortigate-mcp-server
python -m src.fortigate_mcp.server_http --host 0.0.0.0 --port 8814 --path /fortigate-mcp --config config/config.jsonRestart Cursor
Ensure MCP server is running
Use FortiGate commands in Cursor
π API Commands
Device Management
list_devices- List registered devicesget_device_status- Get device statustest_device_connection- Test connectionadd_device- Add new deviceremove_device- Remove devicediscover_vdoms- Discover VDOMs
Firewall Management
list_firewall_policies- List firewall rulescreate_firewall_policy- Create new ruleupdate_firewall_policy- Update ruledelete_firewall_policy- Delete rule
Network Management
list_address_objects- List address objectscreate_address_object- Create address objectlist_service_objects- List service objectscreate_service_object- Create service object
Virtual IP Management
list_virtual_ips- List virtual IPscreate_virtual_ip- Create virtual IPupdate_virtual_ip- Update virtual IPget_virtual_ip_detail- Get virtual IP detaildelete_virtual_ip- Delete virtual IP
Routing Management
list_static_routes- List static routescreate_static_route- Create static routeupdate_static_route- Update static routedelete_static_route- Delete static routeget_static_route_detail- Get static route detailget_routing_table- Get routing tablelist_interfaces- List interfacesget_interface_status- Get interface status
System Commands
health- Health checktest_connection- Connection testget_schema_info- Schema information
π§ͺ Testing
Run Tests
# Run all unit tests (default)
python -m pytest
# Run with coverage
python -m pytest --cov=src --cov-report=html
# Run specific test categories
python -m pytest tests/test_device_manager.py
python -m pytest tests/test_fortigate_api.py
python -m pytest tests/test_tools.py
# Run integration tests (requires server running)
python integration_tests.py
# Run only unit tests (default)
python -m pytest tests/
# Run with verbose output
python -m pytest -v
# Run with detailed error information
python -m pytest --tb=longTest Categories
Unit Tests: Test individual components and functions
Integration Tests: Test HTTP server functionality (requires server running)
Coverage: Code coverage reporting with HTML output
HTTP Server Test
# Run test script
python test_http_server.pyManual Testing
# Health check
curl -X POST http://localhost:8814/fortigate-mcp \
-H "Content-Type: application/json" \
-H "Accept: application/json, text/event-stream" \
-d '{"jsonrpc": "2.0", "id": 1, "method": "health", "params": {}}'
# List devices
curl -X POST http://localhost:8814/fortigate-mcp \
-H "Content-Type: application/json" \
-H "Accept: application/json, text/event-stream" \
-d '{"jsonrpc": "2.0", "id": 1, "method": "list_devices", "params": {}}'π Project Structure
fortigate-mcp-server/
βββ src/
β βββ fortigate_mcp/
β βββ __init__.py
β βββ server_http.py # HTTP MCP server
β βββ config/ # Configuration management
β βββ core/ # Core components
β βββ tools/ # MCP tools
β βββ formatting/ # Response formatting
βββ config/
β βββ config.json # Main configuration
β βββ config.example.json # Example configuration
βββ examples/
β βββ cursor_mcp_config.json # Cursor MCP config
βββ logs/ # Log files
βββ tests/ # Test files
βββ docker-compose.yml # Docker compose
βββ Dockerfile # Docker image
βββ start_http_server.sh # Startup script
βββ test_http_server.py # Test script
βββ README.md # This fileπ Troubleshooting
Common Issues
Connection Error
Ensure FortiGate device is accessible
Verify API token or username/password
Use
verify_ssl: falsefor SSL certificate issues
Port Conflict
Ensure port 8814 is available
Change port using
--portparameter
Configuration Error
Ensure
config.jsonis properly formattedCheck JSON syntax
Cursor MCP Connection Issue
Ensure server is running
Verify URL is correct
Restart Cursor
Logs
Check logs using:
# HTTP server logs
tail -f logs/fortigate_mcp.log
# Docker logs
docker-compose logs -f fortigate-mcp-serverπ Security
Recommendations
Use API Tokens
Use API tokens instead of username/password
Store tokens securely
SSL Certificate
Use SSL certificates in production
Set
verify_ssl: true
Network Security
Run MCP server only on secure networks
Restrict access with firewall rules
Rate Limiting
Enable rate limiting
Limit API calls
π€ Contributing
Fork the repository
Create a feature branch (
git checkout -b feature/amazing-feature)Commit your changes (
git commit -m 'Add amazing feature')Push to the branch (
git push origin feature/amazing-feature)Open a Pull Request
π License
This project is licensed under the MIT License. See the LICENSE file for details.
π Acknowledgments
FastMCP - For MCP HTTP transport
FortiGate API - For FortiGate integration
Cursor - For MCP support
π Support
For issues:
Use the Issues page
Check the documentation
Review the logs
Note: This project has been tested with FortiGate devices. Please perform comprehensive testing before using in production.