Firewalla MCP Server
Real-time network monitoring, security analysis, and firewall management through 28 specialized tools. Access security alerts, network flows, device status, and firewall rules directly from your Firewalla device.
1.0K
28 Tools
Packaged by
Requires Secrets
Add to Docker Desktop
Version 4.43 or later needs to be installed to add the server automatically
Tools
| Name | Description |
|---|---|
create_target_list | Create a new target list |
delete_target_list | Delete a target list |
get_active_alarms | Retrieve current security alerts and alarms from Firewalla firewall |
get_alarm_trends | Get historical alarm trend data (alarms generated per day) |
get_bandwidth_usage | Get top bandwidth consuming devices (convenience wrapper around get_device_status) |
get_boxes | Retrieve list of Firewalla boxes |
get_device_status | Check online/offline status of devices on Firewalla network |
get_flow_data | Query network traffic flows from Firewalla firewall |
get_flow_insights | Get category-based flow analysis including top content categories, bandwidth consumers, and blocked traffic. Ideal for answering questions like "what porn sites were accessed" or "what social media was used". Replaces time-based trends with actionable insights. |
get_network_rules | Retrieve firewall rules and conditions |
get_network_rules_summary | Get overview statistics and counts of network rules by category (convenience wrapper) |
get_offline_devices | Get all offline devices (convenience wrapper around get_device_status) |
get_recent_flow_activity | Get recent network flow activity snapshot (last 10-20 minutes). Returns up to 50 most recent flows for immediate analysis. CRITICAL: This is a quick snapshot tool only. Use this for: "what's happening right now?", current security threats, immediate network issues. DO NOT use for: historical analysis (use search_flows), getting more than 50 flows (use search_flows with limit), daily/weekly patterns (use search_flows with time queries like "ts:>24h"). For comprehensive analysis, always prefer search_flows. |
get_rule_trends | Get historical rule trend data (rules created per day) |
get_simple_statistics | Retrieve basic statistics overview |
get_specific_alarm | Get detailed information for a specific Firewalla alarm |
get_specific_target_list | Retrieve a specific target list by ID |
get_statistics_by_box | Get statistics for each Firewalla box (top boxes by blocked flows or security alarms) |
get_statistics_by_region | Retrieve statistics by region (top regions by blocked flows) |
get_target_lists | Retrieve all target lists from Firewalla |
pause_rule | Temporarily disable an active firewall rule for a specified duration |
resume_rule | Resume a previously paused firewall rule, restoring it to active state |
search_alarms | Search alarms using full-text or field filters. Alarm types: 1=Security Activity, 2=Abnormal Upload, 3=Large Bandwidth Usage, 4=Monthly Data Plan, 5=New Device, 6=Device Back Online, 7=Device Offline, 8=Video Activity, 9=Gaming Activity, 10=Porn Activity, 11=VPN Activity, 12=VPN Connection Restored, 13=VPN Connection Error, 14=Open Port, 15=Internet Connectivity Update, 16=Large Upload. |
search_devices | Search devices by name, IP, MAC or status (convenience wrapper with client-side filtering) |
search_flows | Search network flows with advanced query filters. Use this for: historical analysis, specific time ranges, complex filtering, or when you need more than 50 flows. Supports pagination, time-based queries (e.g., "ts:>1h" for last hour), and all flow fields including geographic filtering. For quick "what's happening now" snapshots, use get_recent_flow_activity instead. |
search_rules | Search firewall rules by target, action or status. Supports all rule fields. |
search_target_lists | Search target lists with client-side filtering (convenience wrapper around get_target_lists) |
update_target_list | Update an existing target list |
Manual installation
You can install the MCP server using:
Installation for