Check Point CloudGuard WAF MCP Server
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Check Point CloudGuard WAF MCP ServerCreate a new Web API asset named 'api-v2'"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Check Point CloudGuard WAF MCP Server
A Model Context Protocol (MCP) server that wraps the Check Point CloudGuard WAF Management GraphQL API. This gives AI assistants like Claude the ability to manage your CloudGuard WAF configuration through natural language.
What It Does
This MCP server exposes 68 tools that let an AI assistant fully manage your CloudGuard WAF deployment:
Category | Tools | What You Can Do |
Assets | 9 | Create, update, delete Web Application and Web API assets |
Profiles | 14 | Manage Docker, Kubernetes, Embedded, and AppSec Gateway deployment profiles |
Practices | 10 | Configure Web Application and Web API security practices (IPS, WebAttacks, WebBot, etc.) |
Behaviors | 10 | Manage exceptions, trusted sources, and web user response behaviors |
Zones | 5 | Create and manage security zones |
Triggers | 6 | Configure log triggers with syslog, CEF, cloud, and agent logging |
Policy | 9 | Publish changes, enforce policy, view threat prevention policy |
Agents | 3 | List agents, revoke access, trigger upgrades |
Related MCP server: avanan-mcp
Prerequisites
Python 3.10+
Check Point Infinity Portal account with CloudGuard WAF enabled
API credentials (Client ID and Secret Key) from the Infinity Portal
Installation
Using uv (recommended)
# Clone the repo
git clone https://github.com/presidentsu/checkpoint-waf-mcp.git
cd checkpoint-waf-mcp
# Create venv and install
uv venv
uv pip install -e .Using pip
git clone https://github.com/presidentsu/checkpoint-waf-mcp.git
cd checkpoint-waf-mcp
python -m venv .venv
source .venv/bin/activate # On Windows: .venv\Scripts\activate
pip install -e .Configuration
1. Get API Credentials
Log in to the Check Point Infinity Portal
Go to Settings > API Keys
Create a new API key with CloudGuard WAF permissions
Note your Client ID and Secret Key
2. Set Environment Variables
export CHECKPOINT_CLIENT_ID="your-client-id"
export CHECKPOINT_SECRET_KEY="your-secret-key"
export CHECKPOINT_REGION="us" # Options: us, eu, india, australiaOr copy .env.example to .env and fill in your values.
3. Connect to Your MCP Client
Claude Desktop
Add to your claude_desktop_config.json:
{
"mcpServers": {
"checkpoint-waf": {
"command": "uv",
"args": [
"--directory", "/path/to/checkpoint-waf-mcp",
"run", "checkpoint-waf-mcp"
],
"env": {
"CHECKPOINT_CLIENT_ID": "your-client-id",
"CHECKPOINT_SECRET_KEY": "your-secret-key",
"CHECKPOINT_REGION": "us"
}
}
}
}Claude Code (CLI)
Add to your .claude/settings.json:
{
"mcpServers": {
"checkpoint-waf": {
"command": "uv",
"args": [
"--directory", "/path/to/checkpoint-waf-mcp",
"run", "checkpoint-waf-mcp"
],
"env": {
"CHECKPOINT_CLIENT_ID": "your-client-id",
"CHECKPOINT_SECRET_KEY": "your-secret-key",
"CHECKPOINT_REGION": "us"
}
}
}
}Supported Regions
Region | Endpoint |
|
|
|
|
|
|
|
|
Usage Examples
Once connected, you can ask your AI assistant things like:
"List all my WAF assets"
"Create a new Web Application asset called 'prod-app' with upstream URL http://10.0.0.1"
"Show me the security practices attached to asset X"
"Switch the IPS practice to Prevent mode"
"Create a log trigger that sends to my syslog server at 192.168.1.100"
"Publish and enforce the current policy"
"What agents are connected to the production profile?"
Architecture
src/checkpoint_waf_mcp/
├── __main__.py # Entry point
├── config.py # Region endpoints & env var loading
├── auth.py # Token auth with auto-refresh
├── graphql_client.py # Async GraphQL client with retry
├── server.py # FastMCP server & tool registration
├── queries/ # GraphQL query/mutation definitions
│ ├── assets.py
│ ├── profiles.py
│ ├── practices.py
│ ├── behaviors.py
│ ├── zones.py
│ ├── triggers.py
│ ├── policy.py
│ └── utility.py
└── tools/ # MCP tool implementations
├── assets.py
├── profiles.py
├── practices.py
├── behaviors.py
├── zones.py
├── triggers.py
├── policy.py
└── agents.pyLicense
Apache 2.0 - see LICENSE for details.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/Presidentsu/checkpoint-waf-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server