Sonicwall
A comprehensive Model Context Protocol (MCP) server for analyzing SonicWall firewall logs from SonicOS 7.x and 8.x. This server provides intelligent log analysis, threat detection, and security insights through a fully MCP-compliant interface using SSE/HTTP transport.
claude mcp add --transport stdio gensecaihq-sonicwall-mcp-server docker compose up -d \
  --env PORT="Server listening port (default 3000)" \
  --env SONICWALL_HOST="SonicWall device hostname or IP (e.g., 192.168.1.1)" \
  --env SONICWALL_VERSION="SonicOS version (7 or 8)" \
  --env SONICWALL_PASSWORD="SonicWall API password (secret)" \
  --env SONICWALL_USERNAME="SonicWall API username (e.g., admin)"
How to use
This SonicWall MCP Server provides natural language powered analysis of SonicWall firewall logs and threat detection through the MCP protocol. It supports both SonicOS 7.x and 8.x with version-aware endpoints, and exposes tools for log analysis, threat monitoring, connection investigations, statistics, and log export. You can connect Claude or other MCP clients to its SSE endpoint to perform conversational queries like asking for blocked connections, suspicious activity, or export-ready logs. The included tools help you perform targeted queries (analyze_logs), monitor real-time threats (get_threats), search specific connections (search_connections), retrieve network metrics (get_stats), and export filtered logs (export_logs).
How to install
Prerequisites:
- Docker Engine and Docker Compose
- Access to a SonicWall device with API enabled (MANAGE > System Setup > Appliance > SonicOS API)
- Optional: Node.js 20+ if you prefer local Node-based deployment
Step-by-step:
- Clone the repository and navigate to project folder
git clone https://github.com/gensecaihq/sonicwall-mcp-server.git
cd sonicwall-mcp-server
- Prepare environment file (example shown). Copy the example and fill in your values
cp .env.example .env
- Configure environment variables in .env (examples):
SONICWALL_HOST=192.168.1.1
SONICWALL_USERNAME=admin
SONICWALL_PASSWORD=your_password
SONICWALL_VERSION=7 # use 8 for SonicOS 8.x
PORT=3000
LOG_LEVEL=info
CACHE_TTL_SECONDS=300
- Start the server via Docker (recommended):
# Ensure Docker and Docker Compose are up
# Start in detached mode
docker compose up -d
- Optional: start with npm/node setup
npm install
npm run build
npm start
- Verify the server health endpoint (default port 3000)
curl http://localhost:3000/health
Expected: {"status":"healthy","protocol":"MCP/2025-06-18","version":"1.0.0"}
Additional notes
Notes and tips:
- Ensure SonicWall API is enabled and reachable from the deployment host.
- Use the SONICWALL_VERSION setting that matches your device (7 or 8).
- If using Docker, you can map a host port to 3000 by adjusting the docker-compose setup or the PORT env value.
- The MCP configuration assumes MCP 2025-06-18 compliance and SSE transport; monitor logs for authentication token handling and endpoint resolution messages.
- For Claude integration, configure Claude Desktop to point to http://<host>:<port>/mcp/v1/sse and enable CORS if needed.
- Common issues: network connectivity to the SonicWall, wrong API credentials, or mismatched SonicOS version leading to endpoint failures. Enable verbose logs (LOG_LEVEL) to troubleshoot.
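A preflight check for the .env file from the install steps, covering the misconfigurations listed under common issues (an added example, not part of the project's repository). The function names check_env and env_get are hypothetical, values are assumed unquoted as in the example above, and the owner-only file mode is an assumed baseline for a file that stores SONICWALL_PASSWORD.

```shell
#!/bin/sh
# Added example: preflight check for the .env file (values assumed unquoted).

# env_get FILE KEY: last value of KEY, minus any inline "# comment" and trailing spaces
env_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | sed -e 's/[[:space:]]#.*$//' -e 's/[[:space:]]*$//'
}

# check_env FILE: prints one FAIL line per problem, returns the number of problems
check_env() {
    file=$1; problems=0
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }
    [ -r "$file" ] || { echo "FAIL: cannot read $file"; return 1; }

    # The file stores SONICWALL_PASSWORD: assumed baseline is no group/other access.
    mode=$(stat -c %a "$file" 2>/dev/null || stat -f %Lp "$file")
    case $mode in *00) ;; *) fail "mode $mode allows group/other access (chmod 600 $file)" ;; esac

    for key in SONICWALL_HOST SONICWALL_USERNAME SONICWALL_PASSWORD SONICWALL_VERSION; do
        [ -n "$(env_get "$file" "$key")" ] || fail "$key is missing or empty"
    done

    case $(env_get "$file" SONICWALL_VERSION) in
        7|8|"") ;;  # an empty value was already reported above
        *) fail "SONICWALL_VERSION must be 7 or 8" ;;
    esac

    [ "$(env_get "$file" SONICWALL_PASSWORD)" = "your_password" ] &&
        fail "SONICWALL_PASSWORD is still the placeholder from the example"

    port=$(env_get "$file" PORT); port=${port:-3000}  # 3000 is the documented default
    case $port in
        *[!0-9]*) fail "PORT is not numeric: $port" ;;
        *) { [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; } || fail "PORT out of range: $port" ;;
    esac
    return "$problems"
}

# Constructed sample: the example values from the install steps, written to a temp file.
demo=$(mktemp)
printf '%s\n' 'SONICWALL_HOST=192.168.1.1' 'SONICWALL_USERNAME=admin' \
    'SONICWALL_PASSWORD=your_password' 'SONICWALL_VERSION=7 # use 8 for SonicOS 8.x' \
    'PORT=3000' > "$demo"
check_env "$demo" || echo "$? problem(s) found"
rm -f "$demo"
```

Run it against the real .env before docker compose up -d; the return value is the number of failed checks.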