Firewalla logo

Firewalla

Community
amittell

Firewalla MCP Server - Claude integration for network security monitoring and firewall management

Publisheramittell
Repositoryfirewalla-mcp-server
LanguageTypeScript
Forks
6
Stars
24
Available tools
0
Transport typestdio
Categories
Auth SecurityDeveloper Tools
LicenseMIT
Links
GitHub
  • Connect tools to AI workflows

    Firewalla exposes MCP capabilities that can be used by compatible AI clients and agents.

  • 0 available tools

    Browse the callable actions below, including names and descriptions when provided by the server.

  • Ready-to-copy setup

    Use the installation snippets to configure this server in your preferred MCP client.

  • Open source signals

    24 stars and 6 forks from the linked repository.

Firewalla MCP Server

npm version

A Model Context Protocol (MCP) server that provides real-time access to Firewalla firewall data through 28 specialized tools, compatible with any MCP client.

Why Firewalla MCP Server?

Simple Network Security Integration

  • 28 Tools for network monitoring and analysis
  • 23 Direct API Endpoints + 5 Convenience Wrappers
  • Advanced Search with query syntax and filters
  • Clean, Verified Architecture with corrected API schemas

Features

  • Real-time Firewall Data: Query security alerts, network flows, and device status
  • Security Analysis: Get insights on threats, blocked attacks, and network anomalies
  • Bandwidth Monitoring: Track top bandwidth consumers and usage patterns
  • Rule Management: View and temporarily pause firewall rules
  • Target Lists: Manage custom security target lists and categories
  • Search Tools: Query syntax with filters and logical operators

Client Setup Guides

ClientQuick StartFull Guide
Claude Desktopnpm i -g firewalla-mcp-server → Configure MCPSetup Guide
Claude Codenpm i -g firewalla-mcp-server → CLI integrationSetup Guide
VS CodeInstall MCP extension → Configure serverSetup Guide
CursorInstall Claude Code → VSIX methodSetup Guide
RoocodeInstall MCP support → Configure serverSetup Guide
ClineConfigure in VS Code → Enable MCPSetup Guide

How It Works

Claude Desktop/Code ↔ MCP Server ↔ Firewalla API

The MCP server acts as a bridge between Claude and your Firewalla firewall, translating Claude's requests into Firewalla API calls and returning the results in a format Claude can understand.

Prerequisites

  • Node.js 18+ and npm
  • Firewalla MSP account with API access
  • Your Firewalla device online and connected

Quick Start

1. Installation

Option A: Install from npm (Recommended)

bash
# Install globally
npm install -g firewalla-mcp-server

# Or install locally in your project
npm install firewalla-mcp-server

Option B: Use Docker

Warning: Not for production use – secrets visible in process list

The examples below pass credentials directly in the command line, which exposes them to process listing and shell history. For production use, consider these secure alternatives:

  • Use --env-file with a .env file: docker run --env-file .env ...
  • Set environment variables in your shell before running Docker
  • Use Docker secrets for orchestration environments

Stdio Transport (Default - for Claude Desktop integration):

bash
# Using Docker Hub image
docker run -it --rm \
  -e FIREWALLA_MSP_TOKEN=your_token \
  -e FIREWALLA_MSP_ID=yourdomain.firewalla.net \
  -e FIREWALLA_BOX_ID=your_box_gid \
  amittell/firewalla-mcp-server

# Or build locally
docker build -t firewalla-mcp-server .
docker run -it --rm \
  -e FIREWALLA_MSP_TOKEN=your_token \
  -e FIREWALLA_MSP_ID=yourdomain.firewalla.net \
  -e FIREWALLA_BOX_ID=your_box_gid \
  firewalla-mcp-server

# Recommended: Using env file (more secure)
docker run -it --rm --env-file .env amittell/firewalla-mcp-server

HTTP Transport (for standalone Docker containers and external access):

bash
# Run with HTTP transport on port 3000
docker run -d --name firewalla-mcp \
  -p 3000:3000 \
  -e MCP_TRANSPORT=http \
  -e MCP_HTTP_PORT=3000 \
  -e FIREWALLA_MSP_TOKEN=your_token \
  -e FIREWALLA_MSP_ID=yourdomain.firewalla.net \
  -e FIREWALLA_BOX_ID=your_box_gid \
  amittell/firewalla-mcp-server

# The server will be accessible at http://localhost:3000/mcp

# Using env file (recommended)
docker run -d --name firewalla-mcp \
  -p 3000:3000 \
  --env-file .env \
  amittell/firewalla-mcp-server

# For docker-compose
cat > docker-compose.yml << EOF
version: '3.8'
services:
  firewalla-mcp:
    image: amittell/firewalla-mcp-server
    ports:
      - "3000:3000"
    environment:
      - MCP_TRANSPORT=http
      - MCP_HTTP_PORT=3000
      - FIREWALLA_MSP_TOKEN=\${FIREWALLA_MSP_TOKEN}
      - FIREWALLA_MSP_ID=\${FIREWALLA_MSP_ID}
      - FIREWALLA_BOX_ID=\${FIREWALLA_BOX_ID}
    restart: unless-stopped
EOF

docker-compose up -d

Option C: Install from source

bash
git clone https://github.com/amittell/firewalla-mcp-server.git
cd firewalla-mcp-server
npm install
npm run build

2. Configuration

Create a .env file with your Firewalla credentials:

env
# Required
FIREWALLA_MSP_TOKEN=your_msp_access_token_here
FIREWALLA_MSP_ID=yourdomain.firewalla.net

# Optional - filters all queries to a specific box
# FIREWALLA_BOX_ID=your_box_gid_here

Getting Your Credentials:

  1. Log into your Firewalla MSP portal at https://yourdomain.firewalla.net
  2. Your MSP ID is the full domain (e.g., company123.firewalla.net)
  3. Generate an access token in API settings
  4. (Optional) Find your Box GID in device settings to filter queries to a specific box, or retrieve available boxes using the get_boxes tool

Transport Configuration

The MCP server supports two transport modes:

Stdio Transport (Default): Standard input/output communication for Claude Desktop and similar MCP clients

env
MCP_TRANSPORT=stdio

HTTP Transport: HTTP server mode for Docker containers, MCP orchestrators, and external access

env
MCP_TRANSPORT=http
MCP_HTTP_PORT=3000          # Default: 3000
MCP_HTTP_PATH=/mcp          # Default: /mcp

When to use HTTP transport:

  • Running in Docker containers independently
  • Accessing from MCP orchestrators (e.g., open-webui)
  • Multiple clients need to connect to the same server instance
  • Network-based access to the MCP server

When to use stdio transport:

  • Claude Desktop integration (default)
  • Claude Code CLI integration
  • Single-process MCP client setups
  • Standard MCP client configurations

3. Build and Start

bash
npm run build
npm run mcp:start

4. Connect Claude Desktop

Add this configuration to your Claude Desktop claude_desktop_config.json:

If installed via npm

json
{
  "mcpServers": {
    "firewalla": {
      "command": "npx",
      "args": ["firewalla-mcp-server"],
      "env": {
        "FIREWALLA_MSP_TOKEN": "your_msp_access_token_here",
        "FIREWALLA_MSP_ID": "yourdomain.firewalla.net",
        "FIREWALLA_BOX_ID": "your_box_gid_here"
      }
    }
  }
}

If using Docker

json
{
  "mcpServers": {
    "firewalla": {
      "command": "docker",
      "args": ["run", "-i", "--rm", 
        "-e", "FIREWALLA_MSP_TOKEN=your_token",
        "-e", "FIREWALLA_MSP_ID=yourdomain.firewalla.net",
        "-e", "FIREWALLA_BOX_ID=your_box_gid",
        "amittell/firewalla-mcp-server"
      ]
    }
  }
}

If installed from source

json
{
  "mcpServers": {
    "firewalla": {
      "command": "node",
      "args": ["/full/path/to/firewalla-mcp-server/dist/server.js"],
      "env": {
        "FIREWALLA_MSP_TOKEN": "your_msp_access_token_here",
        "FIREWALLA_MSP_ID": "yourdomain.firewalla.net",
        "FIREWALLA_BOX_ID": "your_box_gid_here"
      }
    }
  }
}

Config file locations:

  • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
  • Windows: %APPDATA%\Claude\claude_desktop_config.json

5. Next Steps

Usage Examples

Step-by-Step First Use

1. Verify Connection After completing the setup, verify the MCP server is working:

bash
# Start the server
npm run mcp:start

# You should see output like:
# MCP Server starting...
# Firewalla client initialized
# Server ready on stdio transport

2. Test with Claude Open Claude Desktop and try these starter queries:

Basic Health Check:

text
"Can you check my Firewalla status and show me a summary?"

This uses: firewall_summary resource + get_simple_statistics tool

Security Overview:

text
"What security alerts do I have? Show me the 5 most recent ones."

This uses: get_active_alarms tool with limit parameter

Practical Workflows

Daily Security Review:

text
"Give me today's security report. Include:
1. Any new security alerts
2. Top 3 devices using bandwidth
3. Any devices that went offline
4. Status of critical firewall rules"

Investigating Suspicious Activity:

text
"I noticed unusual traffic. Can you:
1. Show me all security and abnormal upload alarms from the last 4 hours
2. Find any blocked connections to external IPs
3. Check which devices had the most network activity"

Network Troubleshooting:

text
"A device seems to have connectivity issues. Can you:
1. Check if device 192.168.1.100 is online
2. Show its recent network flows
3. See if any rules are blocking its traffic"

Bandwidth Investigation:

text
"Our internet is slow. Help me find the cause:
1. Show top 10 bandwidth users in the last hour
2. Look for any devices with unusual upload/download patterns
3. Check for any streaming or video traffic"

Advanced Search Examples

Find Specific Threats:

text
search for: security activity alarms from IP range 10.0.0.* in the last 24 hours

Uses: search_alarms with query: "type:1 AND source_ip:10.0.0. AND timestamp:>24h"*

Analyze Rule Effectiveness:

text
"Show me firewall rules that blocked the most connections this week"

Uses: get_network_rules + search_flows for blocked traffic analysis

Device Behavior Analysis:

text
"Find all devices that were online yesterday but are offline now"

Uses: search_devices with temporal queries + get_offline_devices

Troubleshooting Common Issues

Connection Problems: If you get authentication errors:

  1. Verify your .env file has correct credentials
  2. Check your MSP token hasn't expired
  3. Confirm your Box ID is the full GID format

Empty Results: If queries return no data:

  1. Check your Firewalla is online and reporting
  2. Verify the time range isn't too narrow
  3. Try broader search terms first

Performance Issues: If responses are slow:

  1. Reduce the limit parameter in queries
  2. Use more specific time ranges
  3. Check your network connection to the MSP API

Available Tools (28 total)

Core Tools

  • Security: Get alarms, analyze threats
  • Network: Monitor traffic flows, track bandwidth usage
  • Devices: Check device status, find offline devices
  • Rules: Manage firewall rules, pause/resume rules
  • Search: Advanced search across all data types
  • Analytics: Statistics, trends, and geographic analysis
  • Target Management: Create, update, and delete security target lists

Quick Reference

Security: get_active_alarms, get_specific_alarm
Network: get_flow_data, get_bandwidth_usage, get_offline_devices  
Devices: get_device_status, get_boxes, search_devices
Rules: get_network_rules, pause_rule, resume_rule, get_target_lists
Search: search_flows, search_alarms, search_rules, search_target_lists
Analytics: get_simple_statistics, get_flow_insights, get_flow_trends, get_alarm_trends
Management: create_target_list, update_target_list, delete_target_list

Development

Scripts

bash
npm run dev          # Start development server with hot reload
npm run build        # Build TypeScript to JavaScript
npm run test         # Run all tests
npm run test:watch   # Run tests in watch mode
npm run lint         # Run ESLint
npm run lint:fix     # Fix ESLint issues

MCP Execution Methods

Why npx for MCP servers?

  • Version Management: Always uses the correct/latest version
  • Dependency Resolution: Handles package dependencies automatically
  • No global installation required: Works without global installation
  • MCP Standard: Follows Model Context Protocol conventions
  • Reliable: Works consistently across different environments

Alternative execution methods:

bash
# Development (from source)
npm run mcp:start

# Production (npm installed)
npx firewalla-mcp-server

# Direct execution (from source after build)
node dist/server.js

Project Structure

text
firewalla-mcp-server/
├── src/
│   ├── server.ts           # Main MCP server
│   ├── firewalla/          # Firewalla API client
│   ├── tools/              # MCP tool implementations
│   ├── resources/          # MCP resource implementations
│   └── prompts/            # MCP prompt implementations
├── tests/                  # Test files
├── docs/
│   └── firewalla-api-reference.md  # API documentation
├── CLAUDE.md              # Comprehensive development guide
├── SPEC.md                # Technical specifications
└── README.md              # This file

Documentation

  • README.md (this file) - Setup and basic usage
  • USAGE.md - Simple usage guide with examples
  • TROUBLESHOOTING.md - Common issues and solutions
  • docs/clients/ - Client-specific setup guides
  • CLAUDE.md - Development guide and commands

Security

  • MSP tokens are stored securely in environment variables
  • No credentials are logged or stored in code
  • Rate limiting prevents API abuse
  • Input validation prevents injection attacks
  • All API communications use HTTPS

Known Behaviors and Limitations

Category Classification

  • Flow Categories: Many network flows may show as empty category ("") in the Firewalla API response. This is expected behavior - Firewalla categorizes traffic when it recognizes the domain/service (e.g., "av" for audio/video, "social" for social media).
  • Target List Categories: Some target lists may show category as "unknown". This is normal for user-created or certain system lists.
  • Timeline: Category classification happens at the Firewalla device level and may take time to build up meaningful categorization data.

Data Characteristics

  • Response Sizes: The get_recent_flow_activity tool returns up to 150 recent flows to stay within token limits. For larger datasets or historical analysis, use search_flows with time filters for more targeted queries.
  • Geographic Data: IP geolocation is enriched by the MCP server and includes country, city, and risk scores when available.

API Limitations

  • Alarm Deletion: The delete_alarm tool may not actually delete alarms even though the Firewalla API returns a success response. This appears to be a limitation of the MSP API where delete operations return {"message": "success", "success": true} but the alarm remains in the system. This may be due to permission restrictions or API design.

Troubleshooting

Quick Fixes

Server won't start:

bash
# Clean and rebuild
npm run clean
npm run build

# If build fails, try:
npm install
npm run build

Authentication errors:

  • Check your MSP token is valid
  • Verify Box ID format (long UUID)
  • Confirm MSP domain is correct

No data returned:

  • Try broader queries: "last week" vs "last hour"
  • Check if Firewalla is online
  • Test with: "show me basic statistics"

Slow responses:

  • Add limits: "top 10 devices"
  • Use shorter time ranges
  • Restart the server

Debug Mode

Enable detailed logging:

bash
DEBUG=mcp:* npm run mcp:start

For more detailed troubleshooting, see TROUBLESHOOTING.md

Contributing

  1. Fork the repository
  2. Create a feature branch
  3. Make your changes
  4. Add tests for new functionality
  5. Run the test suite
  6. Submit a pull request

What's New

Version 1.0.0:

  • 28 tools with API-verified schemas
  • 24 direct API endpoints + 5 convenience wrappers
  • NEW: get_flow_insights for category-based traffic analysis
  • Advanced search with logical operators (AND, OR, NOT)
  • All limits corrected to API maximum (500)
  • Required parameters added for proper API calls
  • Better caching for faster responses
  • Handles high-volume networks (300k+ flows/day)

License

MIT License

Support

For issues and questions:

GitHub Repository

Repository: https://github.com/amittell/firewalla-mcp-server

Quick Links

Repository Stats

GitHub issues GitHub stars GitHub license

Installation

TypingMind
Prerequisites:

Node.js 18+

{
  "mcpServers": {
    "firewalla": {
      "command": "npx",
      "args": [
        "firewalla-mcp-server"
      ],
      "env": {
        "FIREWALLA_MSP_TOKEN": "your_msp_access_token_here",
        "FIREWALLA_MSP_ID": "yourdomain.firewalla.net",
        "FIREWALLA_BOX_ID": "your_box_gid_here"
      }
    }
  }
}

Use Firewalla MCP with multiple AI models

TypingMind connects MCP tools at the workspace level, so once Firewalla is connected, you can use it with different AI models in TypingMind instead of setting it up separately for each model. This MCP runs locally through the TypingMind MCP connector on your device.

Setup guide to use the local connector

Use this when the MCP server needs access to local files, apps, or private resources on your computer.

1

Open the MCP settings

In TypingMind, go to Settings, Advanced Settings, then Model Context Protocol and choose Setup Connector.

  1. Open TypingMind in your browser.
  2. Click the Settings icon.
  3. Go to Advanced Settings.
  4. Open the Model Context Protocol section.
  5. Click Setup Connector and choose This Device.
TypingMind MCP connector setup screen with This Device selected
2

Run the connector command

Choose This Device, copy the command from TypingMind, and run it in Terminal. Keep the process running while you use MCP.

  1. Copy the setup command shown by TypingMind.
  2. Open Terminal on macOS or Windows Terminal on Windows.
  3. Paste and run the command.
  4. Approve the package install if Terminal asks you to proceed.
  5. Keep the Terminal window running while using MCP tools.
3

Add Firewalla as a server

When the connector status is Ready, click Edit Servers and paste the MCP server configuration.

  1. Wait until the connector status shows Ready.
  2. Click Edit Servers.
  3. Paste the Firewalla MCP server configuration.
  4. Save the server list.
  5. Refresh if you want to confirm the connector is still ready.
TypingMind MCP settings showing active server and Edit Servers button
{
  "mcpServers": {
    "firewalla": {
      "command": "npx",
      "args": [
        "-y",
        "firewalla-mcp-server"
      ]
    }
  }
}
4

Use it across models

Save the server list, open Plugins, enable the Firewalla MCP tools, then select any supported AI model in TypingMind and use the tools in chat or assign them to an AI agent.

  1. Open the Plugins page in TypingMind.
  2. Enable the Firewalla MCP tools.
  3. Start a chat and choose the AI model you want to use.
  4. Use the MCP tools in chat or assign them to an AI agent.
  5. Switch to another AI model whenever needed without reconnecting MCP.
TypingMind chat using enabled MCP tools with a selected AI model
Can you use Firewalla to help me with this task?
Firewalla
Sure. I read it.
Here is what I found using Firewalla.

Frequently asked questions

What is the Firewalla MCP server used for?

Firewalla is an MCP server that lets compatible AI clients connect to external tools and context. In TypingMind, you can add this MCP server once and make its tools available in your AI workspace.

Can I use Firewalla MCP with multiple AI models in TypingMind?

Yes. TypingMind connects MCP tools at the workspace level, so you can use Firewalla with different AI models such as Claude, ChatGPT, Gemini, or other models you have configured in TypingMind without setting up the MCP server separately for each model.

Why use Firewalla MCP with TypingMind?

TypingMind is one of the best frontends for LLM chat because it brings multiple AI models, prompts, plugins, AI agents, API keys, and MCP tools into one workspace. With Firewalla connected, you can use its MCP tools across your preferred models while keeping your chat workflow organized in TypingMind.

How do I connect Firewalla MCP to TypingMind?

Firewalla runs through the TypingMind local MCP connector. This is best when the MCP server needs access to local files, desktop apps, command-line tools, or private resources on your computer.

What tools does Firewalla MCP provide in TypingMind?

Firewalla exposes MCP capabilities that can be enabled from the TypingMind Plugins page and used in chat or assigned to AI agents.

Do I need to share my API keys with TypingMind to use Firewalla MCP?

No. TypingMind is local-first and lets you keep your model providers, API keys, prompts, and MCP configuration under your control. If Firewalla requires authentication, add the required headers, OAuth settings, or local configuration for that MCP server when you create the connection.

Related MCP Servers

View all
LaurieWired logo

GhidraMCP

LaurieWired
CommunityPopular

MCP Server for Ghidra

900
8.9K
0 tools
View details
0x4m4 logo

HexStrike AI

0x4m4
CommunityPopular

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly bridge LLMs with real-world offensive security capabilities.

1.9K
8.7K
0 tools
View details
webflow logo

Webflow

webflow
CommunityPopular

Official Webflow MCP server. Manage sites, pages, CMS collections, and form submissions via Webflow's Data API. Publish drafts, update content, and automate site operations.

0
3.9K
16 tools
View details
integromat logo

Make.com (Integromat)

integromat
CommunityPopular

Official Make.com MCP server. Trigger scenarios, manage connections, and automate workflows across 2,000+ apps via Make's visual automation platform.

0
3.8K
16 tools
View details

Set up your own AI workspace now

Get notified about new features and future giveaways by subscribing to our newsletter 👇