FortiGate MCP Server

FortiGate MCP Server - A comprehensive Model Context Protocol (MCP) server for managing FortiGate devices. This project provides programmatic access to FortiGate devices and enables integration with MCP-compatible tools like Cursor.

🚀 Features

• Device Management: Add, remove, and test connections to FortiGate devices
• Firewall Management: List, create, update, and delete firewall rules
• Network Management: Manage address and service objects
• Routing Management: Manage static routes and interfaces
• HTTP Transport: MCP protocol over HTTP using FastMCP
• Docker Support: Easy installation and deployment
• Cursor Integration: Full integration with Cursor IDE

📋 Requirements

• Python 3.8+
• Access to FortiGate device
• API token or username/password

🛠️ Installation

1. Clone the Project

git clone <repository-url>
cd fortigate-mcp-server

2. Install Dependencies

# Create virtual environment
python -m venv .venv
source .venv/bin/activate  # Linux/Mac
# or
.venv\Scripts\activate  # Windows

# Install dependencies
pip install -r requirements.txt

3. Configuration

Edit the config/config.json file:

{
  "fortigate": {
    "devices": {
      "default": {
        "host": "192.168.1.1",
        "port": 443,
        "username": "admin",
        "password": "password",
        "api_token": "your-api-token",
        "vdom": "root",
        "verify_ssl": false,
        "timeout": 30
      }
    }
  },
  "logging": {
    "level": "INFO",
    "file": "./logs/fortigate_mcp.log"
  }
}

🚀 Usage

Start HTTP Server

# Start with script
./start_http_server.sh

# Or manually
python -m src.fortigate_mcp.server_http \
  --host 0.0.0.0 \
  --port 8814 \
  --path /fortigate-mcp \
  --config config/config.json

Run with Docker

# Build and start
docker-compose up -d

# View logs
docker-compose logs -f fortigate-mcp-server

🔧 Cursor MCP Integration

1. Cursor MCP Configuration

Edit ~/.cursor/mcp_servers.json in Cursor:

Option 1: Command Connection

{
  "mcpServers": {
    "fortigate-mcp": {
      "command": "python",
      "args": [
        "-m",
        "src.fortigate_mcp.server_http",
        "--host",
        "0.0.0.0",
        "--port",
        "8814",
        "--path",
        "/fortigate-mcp",
        "--config",
        "/path/to/your/config.json"
      ],
      "env": {
        "FORTIGATE_MCP_CONFIG": "/path/to/your/config.json"
      }
    }
  }
}

Option 2: URL Connection (Recommended)

{
  "mcpServers": {
    "FortiGateMCP": {
      "url": "http://0.0.0.0:8814/fortigate-mcp/",
      "transport": "http"
    }
  }
}

2. Using in Cursor

To use FortiGate MCP in Cursor:

1. Start the server:

cd /media/workspace/fortigate-mcp-server
python -m src.fortigate_mcp.server_http --host 0.0.0.0 --port 8814 --path /fortigate-mcp --config config/config.json

2. Restart Cursor
3. Ensure MCP server is running
4. Use FortiGate commands in Cursor

📚 API Commands

Device Management

• list_devices - List registered devices
• get_device_status - Get device status
• test_device_connection - Test connection
• add_device - Add new device
• remove_device - Remove device
• discover_vdoms - Discover VDOMs

Firewall Management

• list_firewall_policies - List firewall rules
• create_firewall_policy - Create new rule
• update_firewall_policy - Update rule
• delete_firewall_policy - Delete rule

Network Management

• list_address_objects - List address objects
• create_address_object - Create address object
• list_service_objects - List service objects
• create_service_object - Create service object

Virtual IP Management

• list_virtual_ips - List virtual IPs
• create_virtual_ip - Create virtual IP
• update_virtual_ip - Update virtual IP
• get_virtual_ip_detail - Get virtual IP detail
• delete_virtual_ip - Delete virtual IP

Routing Management

• list_static_routes - List static routes
• create_static_route - Create static route
• update_static_route - Update static route
• delete_static_route - Delete static route
• get_static_route_detail - Get static route detail
• get_routing_table - Get routing table
• list_interfaces - List interfaces
• get_interface_status - Get interface status

System Commands

• health - Health check
• test_connection - Connection test
• get_schema_info - Schema information

🧪 Testing

Run Tests

# Run all unit tests (default)
python -m pytest

# Run with coverage
python -m pytest --cov=src --cov-report=html

# Run specific test categories
python -m pytest tests/test_device_manager.py
python -m pytest tests/test_fortigate_api.py
python -m pytest tests/test_tools.py

# Run integration tests (requires server running)
python integration_tests.py

# Run only unit tests (default)
python -m pytest tests/

# Run with verbose output
python -m pytest -v

# Run with detailed error information
python -m pytest --tb=long

Test Categories

• Unit Tests: Test individual components and functions
• Integration Tests: Test HTTP server functionality (requires server running)
• Coverage: Code coverage reporting with HTML output

HTTP Server Test

# Run test script
python test_http_server.py

Manual Testing

# Health check
curl -X POST http://localhost:8814/fortigate-mcp \
  -H "Content-Type: application/json" \
  -H "Accept: application/json, text/event-stream" \
  -d '{"jsonrpc": "2.0", "id": 1, "method": "health", "params": {}}'

# List devices
curl -X POST http://localhost:8814/fortigate-mcp \
  -H "Content-Type: application/json" \
  -H "Accept: application/json, text/event-stream" \
  -d '{"jsonrpc": "2.0", "id": 1, "method": "list_devices", "params": {}}'

📁 Project Structure

fortigate-mcp-server/
├── src/
│   └── fortigate_mcp/
│       ├── __init__.py
│       ├── server_http.py          # HTTP MCP server
│       ├── config/                 # Configuration management
│       ├── core/                   # Core components
│       ├── tools/                  # MCP tools
│       └── formatting/             # Response formatting
├── config/
│   ├── config.json                # Main configuration
│   └── config.example.json        # Example configuration
├── examples/
│   └── cursor_mcp_config.json     # Cursor MCP config
├── logs/                          # Log files
├── tests/                         # Test files
├── docker-compose.yml             # Docker compose
├── Dockerfile                     # Docker image
├── start_http_server.sh           # Startup script
├── test_http_server.py            # Test script
└── README.md                      # This file

🔍 Troubleshooting

Common Issues

1. Connection Error

   • Ensure FortiGate device is accessible
   • Verify API token or username/password
   • Use verify_ssl: false for SSL certificate issues

2. Port Conflict

   • Ensure port 8814 is available
   • Change port using --port parameter

3. Configuration Error

   • Ensure config.json is properly formatted
   • Check JSON syntax

4. Cursor MCP Connection Issue

   • Ensure server is running
   • Verify URL is correct
   • Restart Cursor

Logs

Check logs using:

# HTTP server logs
tail -f logs/fortigate_mcp.log

# Docker logs
docker-compose logs -f fortigate-mcp-server

🔒 Security

Recommendations

1. Use API Tokens

   • Use API tokens instead of username/password
   • Store tokens securely

2. SSL Certificate

   • Use SSL certificates in production
   • Set verify_ssl: true

3. Network Security

   • Run MCP server only on secure networks
   • Restrict access with firewall rules

4. Rate Limiting

   • Enable rate limiting
   • Limit API calls

🤝 Contributing

1. Fork the repository
2. Create a feature branch (git checkout -b feature/amazing-feature)
3. Commit your changes (git commit -m 'Add amazing feature')
4. Push to the branch (git push origin feature/amazing-feature)
5. Open a Pull Request

📄 License

This project is licensed under the MIT License. See the LICENSE file for details.

🙏 Acknowledgments

• FastMCP - For MCP HTTP transport
• FortiGate API - For FortiGate integration
• Cursor - For MCP support

📞 Support

For issues:

• Use the Issues page
• Check the documentation
• Review the logs

---

Note: This project has been tested with FortiGate devices. Please perform comprehensive testing before using in production.