fortigate

This FortiGate MCP Server provides a HTTP-based MCP interface to manage FortiGate devices. It exposes a set of MCP commands for device management, firewall policy handling, network object management, routing, and more, enabling integration with MCP-enabled tools like Cursor. Start the HTTP MCP server, then connect via Cursor using either a direct command configuration or a URL connection. The server supports operations such as listing devices, testing connections, creating and updating firewall policies, managing address and service objects, and retrieving routing and interface information. With Cursor, you can configure either a command-based connection that launches the server as a subprocess or a URL-based connection that points to the running HTTP endpoint, providing a seamless workflow for editing and applying FortiGate configurations through MCP.

Prerequisites:

• Python 3.8+
• Git
• Access to FortiGate device (with API token or credentials)

1. Clone the project

git clone <repository-url>
cd fortigate-mcp-server

2. Create and activate a virtual environment

# Linux/macOS
python -m venv .venv
source .venv/bin/activate

# Windows
python -m venv .venv
.\.venv\Scripts\activate

3. Install dependencies

pip install -r requirements.txt

4. Configure FortiGate connection

• Edit config/config.json with your FortiGate device details (host, port, credentials or api_token, vdom, verify_ssl, timeout)

5. Run the HTTP MCP server

python -m src.fortigate_mcp.server_http --host 0.0.0.0 --port 8814 --path /fortigate-mcp --config config/config.json

Optional: Run with Docker

# Build and run with docker-compose (if provided in repository)
docker-compose up -d

Tips and notes:

• The server expects a FortiGate configuration file at config/config.json; ensure you populate the default device entry under fortigate.devices.default with host, port, credentials or api_token, vdom, verify_ssl, and timeout.
• The HTTP server is accessible at http://<host>:8814/fortigate-mcp by default.
• Cursor integration supports two connection modes: a Command Connection that launches the Python module, or a URL Connection that points to the running HTTP endpoint. For Command Connection, Cursor can run the server with explicit arguments and environment variables (including FORTIGATE_MCP_CONFIG).
• If you encounter SSL or token issues, verify your FortiGate API token and consider setting verify_ssl to false in development.
• Logs are written to logs/fortigate_mcp.log; use tail -f to monitor.
• Ensure port 8814 is open and not used by another service when testing the HTTP MCP endpoint.
• The project includes extensive tests; run python -m pytest to validate functionality.