home / mcp / firewalla mcp server
Firewalla MCP Server - Claude integration for network security monitoring and firewall management
Configuration
View docs{
"mcpServers": {
"amittell-firewalla-mcp-server": {
"url": "http://localhost:3000/mcp",
"headers": {
"FIREWALLA_BOX_ID": "your_box_gid_here",
"FIREWALLA_MSP_ID": "yourdomain.firewalla.net",
"FIREWALLA_MSP_TOKEN": "your_msp_access_token_here"
}
}
}
}You can run a Firewalla MCP Server to access real-time Firewalla firewall data through a suite of tools. It connects Claude-based clients and other MCP clients to Firewalla via a lightweight MCP bridge, translating client requests into Firewalla API calls and returning results in a consistent, MCP-friendly format.
Launch the MCP server in either stdio or HTTP transport mode, then connect your MCP client (such as Claude Desktop, Claude Code, or an MCP-enabled editor). Start with a basic health check to confirm the server is up, then issue queries to retrieve alarms, flows, device status, and rule information. Use the HTTP transport when you need external access or multiple clients, and use stdio when you integrate with a local client or a single-process workflow.
Prerequisites you need before installing are Node.js 18+ and npm, plus a Firewalla MSP account with API access and a online Firewalla device.
# Install the MCP server globally (recommended)
npm install -g firewalla-mcp-server
# Or install locally in your project
npm install firewalla-mcp-serverChoose your transport mode and set credentials in a .env file or via environment variables when you run the server.
# Required
FIREWALLA_MSP_TOKEN=your_msp_access_token_here
FIREWALLA_MSP_ID=yourdomain.firewalla.net
# Optional - filters all queries to a specific box
FIREWALLA_BOX_ID=your_box_gid_here
```
```bash
# Build and start the MCP server (example using npm scripts if provided)
npm run build
npm run mcp:start
```
```bash
# Alternative: run with npx (production scenario)
npx firewalla-mcp-serverThe MCP server supports two transport modes: stdio (default) and HTTP transport.
# Stdio transport (default)
MCP_TRANSPORT=stdio
# HTTP transport (for external access)
MCP_TRANSPORT=http
MCP_HTTP_PORT=3000
MCP_HTTP_PATH=/mcpIf you install via npm, you can start the MCP server with the standard npx command during client setup.
npx firewalla-mcp-serverOnce connected, begin with basic queries to verify alarms, network flows, and device status. Explore the 28 tools to perform security analysis, bandwidth monitoring, rule management, and target list operations. Use the advanced search features to filter results by type, time range, IP, and other attributes.
Retrieve currently active security alarms and summarize their status.
Fetch details for a single alarm by its identifier.
Retrieve recent network flow records with optional filters.
Identify top bandwidth users and overall usage patterns.
List devices that are currently offline.
Check the online/offline status of a given device.
List Firewalla boxes/units tied to the MSP account.
Perform advanced searches across devices with filters and temporal queries.
List firewall rules and their current state.
Temporarily pause a firewall rule without deleting it.
Resume a paused firewall rule.
List security target lists and their categories.
Create a new security target list.
Update an existing target list.
Delete a target list.
Search network flows with complex queries and time ranges.
Search alarms using advanced filters and operators.
Search firewall rules for insights on impact and performance.
Search within target lists for matches and categories.
Return high-level statistics and summaries for quick health checks.
Provide insights into traffic patterns by category and time.
Show trends in network flows over a period of time.
Show trends in alarms and security events.
Return a recent set of flow records to review recent activity.
Identify devices with the most network activity over a period.
Enrich data with geographic information and risk indicators.