PanOS MCP MCP Server

Community MCP server that exposes Palo Alto Networks NGFW and Panorama configuration data (system info, address objects, zones, policies) over the PAN-OS XML API.

Security | by cdot65 (community) | API Key | active

Overview

PAN-OS MCP is a Model Context Protocol server that bridges MCP clients (Claude Desktop, Windsurf, Cursor) and Palo Alto Networks Next-Generation Firewalls or Panorama appliances. It is built with the modelcontextprotocol Python SDK using the FastMCP abstraction and communicates with the firewall through the PAN-OS XML API, returning parsed, structured results back to the LLM.

The server focuses on read-only retrieval of configuration data: system information, address objects (with Panorama shared and device-group support), security zones, and security policies. This lets an LLM agent inspect firewall state, summarize rule sets, or answer questions about network segmentation without giving the model direct shell access to the appliance. Authentication is handled via a PAN-OS API key set as an environment variable.

This is a community project (maintained by cdot65 on GitHub, MIT licensed). Palo Alto Networks does not, as of this writing, publish an official MCP server, so several community implementations exist (cdot65/pan-os-mcp, vlanviking/panos-mcp-server, apius-tech/Palo-MCP, edoscars/pan-os-mcp). The cdot65 project is one of the more documented options and exposes both stdio and SSE/HTTP transports.

Tools

Tool                         Description
show_system_info             Retrieves firewall system information including hostname, model, serial number, and software version.
retrieve_address_objects     Fetches address objects from the firewall or Panorama, organized by location (shared, device group, or vsys).
retrieve_security_zones      Returns configured security zones with their associated interfaces.
retrieve_security_policies   Retrieves security policies with details on sources, destinations, applications, and actions.

Setup Guide

Prerequisites

  • Python 3.10 or higher
  • uv (recommended) or pip
  • A PAN-OS API key for your firewall or Panorama appliance
  • Network reachability to the firewall management interface

Generate a PAN-OS API key

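curl -k -X GET "https://<firewall-ip>/api/?type=keygen&user=<admin>&password=<password>"

Note that -k turns off TLS certificate verification, and that this GET form places the admin password in the URL, where shell history and proxy or web-server logs can capture it; PAN-OS also accepts the keygen request as a POST with the credentials in the request body. The generated key carries the privileges of the admin account it was created for, so a dedicated account with a read-only role fits this server's read-only tools.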

Install

Clone the repo and install the package:

git clone https://github.com/cdot65/pan-os-mcp.git
cd pan-os-mcp
uv pip install .
# or: pip install .

Environment variables

Create a .env file (or export in your shell):

PANOS_HOSTNAME=192.168.1.1
PANOS_API_KEY=your-api-key-here
PANOS_DEBUG=false

MCP client configuration

{
  "tools": [
    {
      "name": "panos",
      "command": "palo-alto-mcp",
      "args": [],
      "env": {
        "PANOS_HOSTNAME": "192.168.1.1",
        "PANOS_API_KEY": "your-api-key-here"
      }
    }
  ]
}

Run manually

python -m palo_alto_mcp

The server communicates over stdio by default, and also exposes /sse and /messages/ endpoints for HTTP/SSE clients.

Use Cases
  • Ask an LLM to summarize a firewall's hardware, model, serial number, and PAN-OS version for an audit report.
  • Inventory all address objects across a Panorama deployment, including shared objects and device-group objects, and dump them to CSV.
  • Have an agent enumerate security zones and the interfaces bound to each, useful when documenting segmentation.
  • Review security policies in natural language: "list any rules that allow any source to any destination on any application."
  • Spot-check Panorama device groups during change reviews by retrieving the relevant policy and object sets.
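
The policy review use case above ("any source to any destination on any application") can also be checked deterministically instead of relying on the model's reading of the rule set. The following is an added example, not code from the pan-os-mcp project: it parses a constructed XML document shaped like a PAN-OS XML API security-rule response (rule names and values are made up, and the ./result/rules/entry path is an assumption about the response envelope) and returns the enabled allow rules that are any/any/any.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like a PAN-OS XML API security-rulebase response;
# rule names, zones and addresses are made up for this example.
SAMPLE_RESPONSE = """<response status="success"><result><rules>
<entry name="allow-web-out">
  <source><member>10.0.0.0/8</member></source>
  <destination><member>any</member></destination>
  <application><member>web-browsing</member><member>ssl</member></application>
  <action>allow</action></entry>
<entry name="temp-migration">
  <source><member>any</member></source>
  <destination><member>any</member></destination>
  <application><member>any</member></application>
  <action>allow</action></entry>
<entry name="legacy-disabled">
  <source><member>any</member></source>
  <destination><member>any</member></destination>
  <application><member>any</member></application>
  <action>allow</action><disabled>yes</disabled></entry>
<entry name="cleanup-deny">
  <source><member>any</member></source>
  <destination><member>any</member></destination>
  <application><member>any</member></application>
  <action>deny</action></entry>
</rules></result></response>"""

FIELDS = ("source", "destination", "application")

def members(entry, tag):
    """Return the <member> values of one rule field as a set."""
    return {m.text.strip() for m in entry.findall(f"{tag}/member") if m.text}

def find_any_any_allow(xml_text):
    """Names of enabled allow rules with source, destination and application all 'any'."""
    root = ET.fromstring(xml_text)
    if root.get("status") != "success":
        raise ValueError("PAN-OS API response status is not 'success'")
    flagged = []
    for entry in root.findall("./result/rules/entry"):
        if entry.findtext("action", "").strip() != "allow":
            continue
        if entry.findtext("disabled", "no").strip() == "yes":
            continue  # disabled rules are not enforced
        if all(members(entry, f) == {"any"} for f in FIELDS):
            flagged.append(entry.get("name"))
    return flagged

if __name__ == "__main__":
    print(find_any_any_allow(SAMPLE_RESPONSE))
```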

Example Prompts
  • "Show me the system info for the firewall: hostname, model, serial, and PAN-OS version."
  • "List all shared address objects in Panorama and group them by subnet."
  • "Which security zones exist and which interfaces are assigned to each?"
  • "Find all security policies that allow application-default from the trust zone to the untrust zone."
  • "Are there any security rules with action allow and source any that should be tightened?"

Pros
  • Covers the most common read-only inspection tasks: system info, address objects, zones, and policies.
  • Supports both standalone firewalls and Panorama (including device groups and shared objects).
  • Built on the official modelcontextprotocol Python SDK with FastMCP; supports stdio and SSE transports.
  • MIT licensed and easy to self-host with uv or pip.

Limitations
  • Community project, not an official Palo Alto Networks integration; no vendor support.
  • Read-only: it cannot create, edit, or commit configuration changes on the firewall.
  • Tool surface is small (four tools). Things like logs, threat data, NAT rules, or HA state are not exposed.

Alternatives