FortiGate MCP Server

A Model Context Protocol (MCP) server for Fortinet FortiGate management via REST API.

Overview

This MCP server provides a comprehensive interface to manage FortiGate firewalls through the FortiOS REST API v7.4.9. It supports multi-device management, structured responses, and comprehensive firewall operations including policies, addresses, VPN, routing, and system monitoring.

Features

🔥 Multi-Device Management: Manage multiple FortiGate devices from a single MCP server
📊 Structured Responses: All tools return parsed, structured JSON data
🛡️ Comprehensive Coverage: 20+ tools covering all major FortiGate operations
🐳 Docker Support: Easy deployment with Docker Compose
🔒 Secure: API key authentication with SSL verification support
📖 Well Documented: Complete examples and API documentation

Supported Operations

System & Monitoring

get_system_status - Get system information and status
get_system_resources - Monitor CPU, memory, and disk usage
list_active_sessions - View active network sessions
get_interface_statistics - Network interface statistics

Firewall Policies

list_firewall_policies - List all firewall policies
get_firewall_policy - Get specific policy details
create_firewall_policy - Create new firewall policy
update_firewall_policy - Update existing policy
delete_firewall_policy - Delete firewall policy

Address Objects

list_firewall_addresses - List address objects
get_firewall_address - Get specific address object
create_firewall_address - Create address object
update_firewall_address - Update address object
delete_firewall_address - Delete address object

VPN & Routing

list_vpn_ipsec_tunnels - List IPsec VPN tunnels
get_vpn_tunnel_status - Get VPN tunnel status
list_static_routes - List static routes
list_policy_routes - List policy-based routes

High Availability

get_ha_status - Get HA cluster status

Installation

Prerequisites

Python 3.8+
FortiGate device with API access enabled
API token for authentication

Local Installation

Clone the repository:

git clone https://github.com/0xEkho/FORTINET-FortiGate-MCP.git
cd FORTINET-FortiGate-MCP

Install dependencies:

pip install -r requirements.txt

Configure your devices (see Configuration section below)
Run the server:

python -m fortigate_server.server

Docker Installation

Clone the repository:

git clone https://github.com/0xEkho/FORTINET-FortiGate-MCP.git
cd FORTINET-FortiGate-MCP

Configure your devices (see Configuration section below)
Build and start:

cd deploy
docker-compose up -d

The server will be available on http://localhost:8085

Configuration

Multi-Device Setup

Create a devices.json file at the root of the project:

{
  "devices": [
    {
      "name": "firewall-hq",
      "host": "192.168.1.1",
      "api_key": "your-api-key-here",
      "verify_ssl": false,
      "vdom": "root"
    },
    {
      "name": "firewall-branch",
      "host": "192.168.2.1",
      "api_key": "another-api-key",
      "verify_ssl": true,
      "vdom": "root"
    }
  ]
}

You can use devices.json.example as a template.

Configuration Parameters

name: Unique identifier for the device (used in tool calls)
host: FortiGate IP address or hostname
api_key: API token generated from FortiGate
verify_ssl: Enable/disable SSL certificate verification
vdom: Virtual domain (usually "root")

Generating API Keys

Log into your FortiGate web interface
Go to System > Administrators
Create a new REST API Admin
Generate an API key
Set appropriate access permissions

Usage

Direct API Calls

Call tools via HTTP POST:

curl -X POST http://localhost:8085/tools/call \
  -H "Content-Type: application/json" \
  -d '{
    "tool": "get_system_status",
    "arguments": {
      "device_name": "firewall-hq"
    }
  }'

Response:

{
  "success": true,
  "result": {
    "model": {
      "name": "FortiGate",
      "number": "80F",
      "full": "FGT80F"
    },
    "hostname": "FW-HQ",
    "serial": "FGT80FXXXXXXXXXX",
    "version": "v7.4.9",
    "build": 2829,
    "vdom": "root",
    "status": "success"
  }
}

MCP Client Integration

Configure your MCP client (e.g., Claude Desktop) to use this server:

{
  "mcpServers": {
    "fortigate": {
      "url": "http://localhost:8085"
    }
  }
}

Examples

See the examples/ directory for detailed usage examples of each tool:

API Documentation

The server implements FortiOS REST API v7.4.9. Full API documentation is available in the docs/ directory.

Development

Project Structure

FORTINET-FortiGate-MCP/
├── fortigate_server/       # Main server code
│   ├── server.py           # SSE server implementation
│   ├── fortigate_client.py # FortiGate API client
│   ├── tools/              # Tool implementations
│   └── parsers/            # Response parsers
├── deploy/                 # Docker deployment files
├── docs/                   # API documentation
├── examples/               # Usage examples
├── ressources/             # API specifications
└── devices.json            # Device configuration

Adding New Tools

Add tool definition in fortigate_server/server.py
Implement tool logic in fortigate_server/tools/
Create parser in fortigate_server/parsers/
Add example in examples/

Troubleshooting

Connection Issues

Verify FortiGate is reachable: ping <host>
Check API access is enabled on FortiGate
Verify API key is valid and has correct permissions
Check SSL settings (verify_ssl) match your setup

Docker Issues

Ensure port 8085 is not already in use
Verify devices.json exists and is properly mounted
Check logs: docker logs fortigate-mcp-server

Security Considerations

API Keys: Keep API keys secure, never commit to version control
SSL Verification: Use verify_ssl: true in production
Network Access: Restrict access to the MCP server port
Permissions: Use least-privilege API keys on FortiGate

Contributing

Contributions are welcome! Please:

Fork the repository
Create a feature branch
Make your changes
Submit a pull request

License

MIT License - See LICENSE file for details

Author

Created by 0xEkho

Support

🐛 Issues: GitHub Issues
📧 Contact: Via GitHub

Acknowledgments

Fortinet for FortiGate and FortiOS API
MCP (Model Context Protocol) specification

MCP Servers

FortiGate MCP Server

Overview

Features

Supported Operations

System & Monitoring

Firewall Policies

Address Objects

VPN & Routing

High Availability

Installation

Prerequisites

Local Installation

Docker Installation

Configuration

Multi-Device Setup

Configuration Parameters

Generating API Keys

Usage

Direct API Calls

MCP Client Integration

Examples

API Documentation

Development

Project Structure

Adding New Tools

Troubleshooting

Connection Issues

Docker Issues

Security Considerations

Contributing

License

Author

Support

Acknowledgments

安装包（如果需要）

Cursor 配置 (mcp.json)

Centreon MCP

FortiGate MCP Server

Overview

Features

Supported Operations

System & Monitoring

Firewall Policies

Address Objects

VPN & Routing

High Availability

Installation

Prerequisites

Local Installation

Docker Installation

Configuration

Multi-Device Setup

Configuration Parameters

Generating API Keys

Usage

Direct API Calls

MCP Client Integration

Examples

API Documentation

Development

Project Structure

Adding New Tools

Troubleshooting

Connection Issues

Docker Issues

Security Considerations

Contributing

License

Author

Support

Acknowledgments

安装包 （如果需要）

Cursor 配置 (mcp.json)

Centreon MCP

安装包（如果需要）