fmc-firewall-ops
Cisco FMC Firewall Operations
MCP Server
- Repository: CiscoDevNet/CiscoFMC-MCP-server-community
- Transport: HTTP (`http://<host>:8000/mcp`) — requires HTTPS reverse proxy for production
- Install: `git clone` + `pip install -r requirements.txt` + `python -m sfw_mcp_fmc.server` (or Docker)
- Requires: `FMC_BASE_URL`, `FMC_USERNAME`, `FMC_PASSWORD`
Available Tools (4)
| Tool | What It Does |
|---|---|
| `list_fmc_profiles` | Discover all configured FMC instances (single or multi-FMC mode). Returns profile IDs, display names, and aliases. Use this first to select which FMC to query. |
| `find_rules_by_ip_or_fqdn` | Search rules within a specific access policy by IP address or FQDN. Matches source/destination network objects against the given indicator. |
| `find_rules_for_target` | Resolve FTD devices or HA clusters to their assigned access policies, then search those policies. Use when you know the firewall device name but not the policy name. |
| `search_access_rules` | FMC-wide rule search with multiple filter types: network indicators (IP, FQDN), identity indicators (SGT tags, realm users/groups), and policy name filters. The most powerful search tool. |
Key Concepts