Palo Alto Networks MCP Server

Palo Alto Networks MCP Server

Enables MCP clients to interact with Palo Alto Networks firewalls and Panorama, providing tools to retrieve address objects, security zones, policies, and system information.

Category
Visit Server

README

Palo Alto Networks MCP Server

A Model Context Protocol (MCP) server for interfacing with Palo Alto Networks Next-Generation Firewalls (NGFW) using the modelcontextprotocol Python SDK.

Overview

This package provides an MCP server that enables MCP clients (like Windsurf) to interact with Palo Alto Networks NGFW appliances via their XML API. The server is built using the FastMCP abstraction from the modelcontextprotocol Python SDK and provides tool-calling capabilities for retrieving firewall configuration data.

Features

  • Retrieve address objects from Palo Alto Networks firewalls and Panorama
  • Retrieve security zones from Palo Alto Networks firewalls
  • Retrieve security policies from Palo Alto Networks firewalls
  • Get system information from Palo Alto Networks firewalls
  • Support for Panorama device groups and shared address objects
  • Built using the FastMCP class from the modelcontextprotocol Python SDK
  • Exposes network (HTTP/SSE) endpoints for integration with Windsurf and MCP clients

Installation

Prerequisites

  • Python 3.10 or higher
  • uv (recommended) or pip

Install from Source

# Using uv (recommended)
uv pip install .

# Using pip
pip install .

Configuration

The server requires the following environment variables to be set (can be provided via a .env file in the project root):

  • PANOS_HOSTNAME: Hostname or IP address of the Palo Alto Networks NGFW
  • PANOS_API_KEY: API key for authenticating with the Palo Alto Networks NGFW

Optional environment variables:

  • PANOS_DEBUG: Set to true to enable debug logging (default: false)

Example .env file:

PANOS_HOSTNAME=192.168.1.1
PANOS_API_KEY=your-api-key-here
PANOS_DEBUG=true

Usage

Running the Server (Network/SSE mode)

python -m palo_alto_mcp

This will launch the MCP server as a network server, exposing HTTP/SSE endpoints for integration with Windsurf and other MCP clients.

SSE Endpoints

  • /sse — Main Server-Sent Events (SSE) endpoint for client-server communication
  • /messages/ — Message endpoint for SSE transport (required for Windsurf/MCP clients)

Ensure your client configuration points to these endpoints for correct operation.

Integration with MCP Clients

The server is designed to be used with MCP clients like Windsurf. It follows the command-based integration pattern using the standard I/O transport provided by the SDK.

Example client configuration in mcp_config.json:

{
  "tools": [
    {
      "name": "panos",
      "command": "palo-alto-mcp",
      "args": [],
      "env": {
        "PANOS_HOSTNAME": "192.168.1.1",
        "PANOS_API_KEY": "your-api-key-here"
      }
    }
  ]
}

Available Tools

show_system_info

Get system information from the Palo Alto Networks firewall.

Example Response:

# Palo Alto Networks Firewall System Information

**hostname**: fw01.example.com
**model**: PA-VM
**serial**: 0123456789
**sw-version**: 10.2.3
...

retrieve_address_objects

Get address objects configured on the Palo Alto Networks firewall or Panorama. Address objects are grouped by location (shared, device group, or vsys).

Example Response:

# Palo Alto Networks Firewall Address Objects

## Shared Address Objects

### web-server
- **Type**: ip-netmask
- **Value**: 10.1.1.100/32
- **Description**: Web Server

## Device-group:Production Address Objects

### internal-network
- **Type**: ip-netmask
- **Value**: 10.1.0.0/16
- **Description**: Internal Network
- **Tags**: internal, production

retrieve_security_zones

Get security zones configured on the Palo Alto Networks firewall.

Example Response:

# Palo Alto Networks Firewall Security Zones

## trust
- **Type**: layer3
- **Interfaces**:
  - ethernet1/1
  - ethernet1/2

## untrust
- **Type**: layer3
- **Interfaces**:
  - ethernet1/3

retrieve_security_policies

Get security policies configured on the Palo Alto Networks firewall.

Example Response:

# Palo Alto Networks Firewall Security Policies

## allow-outbound
- **Description**: Allow outbound traffic
- **Action**: allow
- **Source Zones**:
  - trust
- **Source Addresses**:
  - any
- **Destination Zones**:
  - untrust
- **Destination Addresses**:
  - any
- **Applications**:
  - web-browsing
  - ssl
- **Services**:
  - application-default

Development

Setup Development Environment

# Clone the repository
git clone https://github.com/cdot65/pan-os-mcp.git
cd pan-os-mcp

# Install development dependencies
uv pip install -e ".[dev]"

Running Tests

pytest

Code Quality

# Run linting
ruff check .

# Run type checking
pyright

Project Structure

palo-alto-mcp/
├── src/
│   └── palo_alto_mcp/
│       ├── __init__.py           # Package initialization
│       ├── __main__.py           # Command-line entry point
│       ├── config.py             # Configuration management
│       ├── server.py             # Main FastMCP server implementation
│       └── pan_os_api.py         # API client for Palo Alto NGFW XML API
├── tests/                        # Unit and integration tests
├── pyproject.toml                # Python package definition
└── README.md                     # Documentation

License

MIT

Patterns and Technologies Used

  • FastMCP: Using the FastMCP class from the modelcontextprotocol Python SDK for MCP server implementation
  • Async/Await: Using Python's async/await pattern for non-blocking I/O operations
  • Environment Variables: Configuration via environment variables
  • Pydantic Settings: Using pydantic-settings for configuration management
  • Type Hints: Strong typing with Python type hints
  • Context Managers: Using async context managers for resource management
  • XML Parsing: Using the built-in xml.etree.ElementTree for parsing XML responses
  • Panorama Support: Handling Panorama device groups and shared objects

Recommended Servers

playwright-mcp

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official
Featured
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Official
Featured
Local
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

Official
Featured
Local
TypeScript
VeyraX MCP

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official
Featured
Local
graphlit-mcp-server

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official
Featured
TypeScript
Kagi MCP Server

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official
Featured
Python
E2B

E2B

Using MCP to run code via e2b.

Official
Featured
Neon Database

Neon Database

MCP server for interacting with Neon Management API and databases

Official
Featured
Exa Search

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official
Featured
Qdrant Server

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official
Featured