SonicWall MCP server

Integrates with SonicWall firewalls to provide natural language log analysis, threat detection, connection searching, and security statistics with data export capabilities for both SonicOS 7.x and 8.x versions.
Provider: gensecaihq
Release date: Aug 20, 2025
Stats: 2 stars

The SonicWall MCP Server provides intelligent analysis of SonicWall firewall logs through natural language queries. This server connects to your SonicWall device, processes log data, and enables you to interact with the information using conversational AI queries. It supports both SonicOS 7.x and 8.x with version-specific features.

Prerequisites

Before installing the SonicWall MCP Server, ensure you have:

  • A SonicWall device running SonicOS 7.x or 8.x
  • API access enabled on your SonicWall (MANAGE > System Setup > Appliance > SonicOS API)
  • Docker & Docker Compose (recommended) or Node.js 20+

Installation

Getting the Server

git clone https://github.com/gensecaihq/sonicwall-mcp-server.git
cd sonicwall-mcp-server

Configuring the Environment

# Copy example configuration
cp .env.example .env

# Edit with your SonicWall details
nano .env

Required configuration:

SONICWALL_HOST=192.168.1.1
SONICWALL_USERNAME=admin
SONICWALL_PASSWORD=your_password
# Set to 8 for SonicOS 8.x
SONICWALL_VERSION=7

Starting the Server

Using Docker (Recommended):

docker compose up -d
# or using npm script
npm run docker:up

Using Node.js:

npm install
npm run build
npm start

Verifying Installation

# Check server health
curl http://localhost:3000/health

# Expected response:
# {"status":"healthy","protocol":"MCP/2025-06-18","version":"1.0.0"}

Connecting to Claude

Add to your Claude Desktop configuration (claude_desktop_config.json):

{
  "mcpServers": {
    "sonicwall": {
      "transport": "sse",
      "url": "http://localhost:3000/mcp/v1/sse"
    }
  }
}

Now you can start using SonicWall analysis in Claude with queries like:

  • "Show me blocked connections from the last hour"
  • "Find critical security threats from today"
  • "Analyze VPN authentication failures"

Available Tools

analyze_logs

Natural language log analysis with intelligent insights:

// Example usage in Claude
"Show me suspicious network activity from external IPs in the last 2 hours"
"Find brute force attacks on SSH and RDP ports"
"Analyze malware detections and their source locations"

get_threats

Real-time threat monitoring and analysis:

// Get critical threats
{
  "severity": "critical",
  "limit": 20
}

search_connections

Advanced connection search and investigation:

// Investigate specific IP
{
  "sourceIp": "192.168.1.100",
  "hoursBack": 24,
  "limit": 500
}

get_stats

Network statistics and security metrics:

// Get top blocked IPs
{
  "metric": "top_blocked_ips",
  "limit": 10
}

export_logs

Export filtered logs for compliance and analysis:

// Export security events as CSV
{
  "format": "csv",
  "filters": {
    "severity": ["critical", "high"],
    "startTime": "2024-01-01T00:00:00Z"
  }
}

Configuration Options

Basic Configuration

# SonicWall Connection
SONICWALL_HOST=your.firewall.ip
SONICWALL_USERNAME=admin
SONICWALL_PASSWORD=secure_password
SONICWALL_VERSION=7

# Server Settings  
PORT=3000
LOG_LEVEL=info
CACHE_TTL_SECONDS=300

Advanced Configuration

# Authentication (Optional)
MCP_BEARER_TOKEN=your_secret_token

# Performance Tuning
CACHE_MAX_SIZE=1000
API_TIMEOUT=30000
MAX_RETRIES=3

# Security
CORS_ORIGINS=https://claude.ai,https://localhost:3000
RATE_LIMIT_MAX=100
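
The .env file described above stores the firewall admin password, and MCP_BEARER_TOKEN is listed as optional, so the file is worth checking before the server is started. The shell check below is an added example, not part of the project; its finding names and the 32-character token minimum are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the .env keys documented on this page.
# Finding names and the 32-character token minimum are assumptions of this example.

# env_get FILE KEY -> value of the last KEY= line, minus any inline " # comment"
env_get() {
  sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
    sed -e 's/[[:space:]]\{1,\}#.*$//' -e 's/[[:space:]]*$//'
}

# audit_env FILE -> one finding per line on stdout; no output means nothing flagged
audit_env() {
  f=$1
  pw=$(env_get "$f" SONICWALL_PASSWORD)
  tok=$(env_get "$f" MCP_BEARER_TOKEN)
  cors=$(env_get "$f" CORS_ORIGINS)
  case $pw in
    ''|your_password|secure_password) echo PASSWORD_EMPTY_OR_PLACEHOLDER ;;
  esac
  case $tok in
    '') echo NO_BEARER_TOKEN ;;
    your_secret_token) echo PLACEHOLDER_BEARER_TOKEN ;;
    *) [ "${#tok}" -ge 32 ] || echo SHORT_BEARER_TOKEN ;;
  esac
  case $cors in
    *'*'*) echo CORS_WILDCARD ;;
  esac
  # The file holds the firewall admin password: flag group- or world-readable modes.
  if [ -n "$(find "$f" -prune \( -perm -040 -o -perm -004 \))" ]; then
    echo ENV_FILE_READABLE_BY_OTHERS
  fi
  return 0
}

# Constructed sample input: placeholder values left in place, no bearer token,
# a wildcard CORS origin, and a world-readable file mode.
sample=$(mktemp)
cat > "$sample" <<'EOF'
SONICWALL_HOST=192.168.1.1
SONICWALL_USERNAME=admin
SONICWALL_PASSWORD=your_password
SONICWALL_VERSION=7  # inline comment, stripped by env_get
CORS_ORIGINS=*
EOF
chmod 644 "$sample"
audit_env "$sample"
rm -f "$sample"
```

Run `audit_env .env` in the project directory after editing the file; an empty result means none of these checks fired.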

Docker Deployment

Quick Start Commands

# Production deployment (detached mode)
docker compose up -d

# Development mode (with hot reload)
docker compose -f docker-compose.yml -f docker-compose.dev.yml up

# View logs
docker compose logs -f sonicwall-mcp

# Stop all services
docker compose down

# Rebuild and restart
docker compose up --build -d

NPM Script Shortcuts

# Production deployment
npm run docker:up

# Development with hot reload
npm run docker:dev  

# View logs
npm run docker:logs

# Stop services
npm run docker:down

# Build image only
npm run docker:build

Troubleshooting

"Authentication Failed"

Problem: Cannot connect to SonicWall API

# Check API is enabled
# SonicWall: MANAGE > System Setup > Appliance > SonicOS API ✓

# Test connectivity (-k disables TLS certificate verification, so use it only for this check)
ping YOUR_SONICWALL_HOST
curl -k https://YOUR_SONICWALL_HOST/api/sonicos/auth

"No logs returned"

Problem: Empty responses from log queries

# Check log levels in SonicWall
# Log > Settings > Categories > Enable required log types

# Verify time synchronization
date

"CORS Error in Browser"

Problem: Browser blocks MCP requests

# Add your domain to CORS_ORIGINS
CORS_ORIGINS=https://claude.ai,https://your-domain.com

Health Monitoring

Check the server's health status:

# Detailed health status
curl http://localhost:3000/health

The response includes:

  • Server uptime and status
  • SonicWall connectivity
  • Cache statistics
  • Memory usage

How to install this MCP server

For Claude Code

To add this MCP server to Claude Code, run this command in your terminal:

claude mcp add-json "sonicwall" '{"transport":"sse","url":"http://localhost:3000/mcp/v1/sse"}'

See the official Claude Code MCP documentation for more details.

For Cursor

There are two ways to add an MCP server to Cursor. The most common way is to add the server globally in the ~/.cursor/mcp.json file so that it is available in all of your projects.

If you only need the server in a single project, add it to that project's .cursor/mcp.json file instead, creating the file if it does not exist.

Adding an MCP server to Cursor globally

To add a global MCP server, go to Cursor Settings > Tools & Integrations and click "New MCP Server".

When you click that button, the ~/.cursor/mcp.json file opens and you can add your server like this:

{
    "mcpServers": {
        "sonicwall": {
            "transport": "sse",
            "url": "http://localhost:3000/mcp/v1/sse"
        }
    }
}

Adding an MCP server to a project

To add an MCP server to a project, create a new .cursor/mcp.json file or add the server to the existing one. The entry looks exactly the same as the global MCP server example above.

How to use the MCP server

Once the server is installed, you might need to head back to Settings > MCP and click the refresh button.

The Cursor agent will then see the tools the added MCP server provides and will call them when it needs to.

You can also explicitly ask the agent to use the tool by mentioning the tool name and describing what the function does.

For Claude Desktop

To add this MCP server to Claude Desktop:

1. Find your configuration file:

  • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
  • Windows: %APPDATA%\Claude\claude_desktop_config.json
  • Linux: ~/.config/Claude/claude_desktop_config.json

2. Add this to your configuration file:

{
    "mcpServers": {
        "sonicwall": {
            "transport": "sse",
            "url": "http://localhost:3000/mcp/v1/sse"
        }
    }
}

3. Restart Claude Desktop for the changes to take effect.
