@teamnetwork-nz/sonicwall-api-mcp-server
v0.2.0
Published
MCP server for SonicWall NSA appliance API — logs, CRUD objects, rules, NAT, GeoIP
Maintainers
darylpetersenReadme
SonicWall NSA MCP Server
A Model Context Protocol server that provides full read/write access to SonicWall NSA series appliances via the SonicOS REST API.
Features
- Log analysis — retrieve, filter, and search event logs, traffic logs, and threat/IPS events
- Address objects & groups — CRUD for IPv4, IPv6, FQDN, and MAC address objects and their groups
- Service objects & groups — CRUD for protocol/port service definitions
- Access rules — create, update, enable/disable, and delete firewall access rules (IPv4 & IPv6)
- NAT policies — full CRUD for inbound/outbound NAT rules
- Security policies — CRUD for zone-based security policies
- GeoIP filtering — manage GeoIP country-block policies and assign them to access rules
- Config management — view and commit (or discard) staged changes
Supports SonicOS 6.5.x, 7.x, and 8.x with automatic version detection.
Quick Start
Install
Via npm / npx (recommended — no Python setup required):
# Run directly with npx (requires uv: https://docs.astral.sh/uv/)
npx @teamnetwork-nz/sonicwall-api-mcp-server
# Or install globally
npm install -g @teamnetwork-nz/sonicwall-api-mcp-server
sonicwall-mcpVia pip / uv (Python):
pip install sonicwall-mcp-server
# or:
uv pip install sonicwall-mcp-serverNote: The npm package is a thin launcher. It requires uv to be installed and uses
uvx sonicwall-mcp-serverunder the hood. No Python environment setup is needed beyond installing uv.
Configure
Pass credentials as environment variables (no config file needed):
SONICWALL_HOST=192.168.168.168
SONICWALL_USERNAME=admin
SONICWALL_PASSWORD=your_password
SONICWALL_SSL_VERIFY=false # most appliances use self-signed certsCopy .env.example to .env for local development.
Claude Desktop / Claude Code Integration
Add to your MCP config (claude_desktop_config.json or .claude/settings.json):
Using npx (easiest):
{
"mcpServers": {
"sonicwall": {
"command": "npx",
"args": ["-y", "@teamnetwork-nz/sonicwall-api-mcp-server"],
"env": {
"SONICWALL_HOST": "192.168.168.168",
"SONICWALL_USERNAME": "admin",
"SONICWALL_PASSWORD": "your_password",
"SONICWALL_SSL_VERIFY": "false"
}
}
}
}Using uvx directly:
{
"mcpServers": {
"sonicwall": {
"command": "uvx",
"args": ["sonicwall-mcp-server"],
"env": {
"SONICWALL_HOST": "192.168.168.168",
"SONICWALL_USERNAME": "admin",
"SONICWALL_PASSWORD": "your_password",
"SONICWALL_SSL_VERIFY": "false"
}
}
}
}Using the installed Python CLI:
{
"mcpServers": {
"sonicwall": {
"command": "sonicwall-mcp",
"env": {
"SONICWALL_HOST": "192.168.168.168",
"SONICWALL_USERNAME": "admin",
"SONICWALL_PASSWORD": "your_password",
"SONICWALL_SSL_VERIFY": "false"
}
}
}
}Development
uv venv && source .venv/bin/activate
uv pip install -e ".[dev]"
pytest tests/ -v # unit tests (no appliance needed)
mcp dev src/sonicwall_mcp/server.py # interactive MCP inspectorAgent guidance
The server supplies MCP instructions that are automatically delivered to the calling agent at session start. These cover:
- Staged configuration — always
commit_configafter a related set of changes, ordiscard_configto abandon - Datetime handling — log timestamps use the appliance's local timezone; no UTC conversion needed
- Log tool selection — when to use
get_event_logsvsget_traffic_logsvsget_threat_logsvssearch_logs - Object and rule management — recommended workflow for creating address objects and firewall rules
- Concurrent sessions — SonicOS limit of one active API session per appliance
No special prompting is required — the agent receives these guidelines automatically.
Important Notes
- SonicOS allows only one concurrent API session per appliance. Ensure no other admin sessions are active when using this server.
- All configuration changes (create/update/delete) are staged and do not take effect until you call
commit_config. Usediscard_configto abandon staged changes. - Enable the SonicOS API in the appliance web UI: DEVICE > Settings > Administration > SonicOS API.