// SCAN REPORT

FortiOS 7 6 X MCP Server

240 tools. 57 can modify or destroy data without limits.

17 destructive tools with no built-in limits. Policy required.

Last updated:

57 can modify or destroy data
183 read-only
240 tools total

Community server · catalogue entry verified 12/06/2026

How to control FortiOS 7 6 X MCP Server ↓

TOOL MAP

What FortiOS 7 6 X MCP Server exposes to your agents

Read (183) Write / Execute (38) Destructive / Financial (17)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS
Critical Risk

The most dangerous FortiOS 7 6 X MCP Server tools

Destructive · Critical system_admin_delete The tool name contains 'delete', which is listed as a Destructive action indicator. Destructive · Critical system_interface_delete Deleting system interfaces is an irreversible action that can completely disconnect a FortiOS firewall from the network, severing all communication and rendering the device operationally unavailable. Destructive · Critical cmdb_delete This tool irreversibly deletes configuration data from FortiOS CMDB. Destructive · High firewall_address_delete The 'delete' operation is destructive by definition—it permanently removes a firewall address configuration entry.

57 of FortiOS 7 6 X MCP Server's 240 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control FortiOS 7 6 X MCP Server

PolicyLayer is an MCP gateway — it sits between your AI agents and FortiOS 7 6 X MCP Server, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "cmdb_delete": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "antivirus_profile_create": {
    "limits": [
      {
        "counter": "antivirus_profile_create_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "system_performance_status": {
    "limits": [
      {
        "counter": "system_performance_status_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register FortiOS 7 6 X MCP Server — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON FORTIOS 7 6 X →

Free to start. No card required.

FULL CATALOGUE

All 240 FortiOS 7 6 X MCP Server tools

DESTRUCTIVE 17 tools
Destructive cmdb_delete cmdb_delete Destructive firewall_address_delete firewall_address_delete Destructive firewall_addrgrp_delete firewall_addrgrp_delete Destructive firewall_policy_delete firewall_policy_delete Destructive firewall_vip_delete firewall_vip_delete Destructive ips_sensor_delete ips_sensor_delete Destructive router_static_delete router_static_delete Destructive system_admin_delete system_admin_delete Destructive system_interface_delete system_interface_delete Destructive user_group_delete user_group_delete Destructive user_local_delete user_local_delete Destructive vpn_ipsec_phase1_delete vpn_ipsec_phase1_delete Destructive vpn_ipsec_phase2_delete vpn_ipsec_phase2_delete Destructive vpn_ssl_portal_delete vpn_ssl_portal_delete Destructive wifi_vap_delete wifi_vap_delete Destructive monitor_firewall_session_close monitor_firewall_session_close Destructive monitor_vpn_ssl_delete_user monitor_vpn_ssl_delete_user
EXECUTE 3 tools
Execute monitor_network_ping monitor_network_ping Execute monitor_user_disconnect monitor_user_disconnect Execute wifi_wtp_deauthorize wifi_wtp_deauthorize
WRITE 35 tools
Write antivirus_profile_create antivirus_profile_create Write cmdb_create cmdb_create Write cmdb_update cmdb_update Write firewall_address_create firewall_address_create Write firewall_address_update firewall_address_update Write firewall_addrgrp_create firewall_addrgrp_create Write firewall_ippool_create firewall_ippool_create Write firewall_policy_create firewall_policy_create Write firewall_policy_move firewall_policy_move Write firewall_policy_update firewall_policy_update Write firewall_service_create firewall_service_create Write firewall_vip_create firewall_vip_create Write ips_sensor_create ips_sensor_create Write log_fortianalyzer_setting_update log_fortianalyzer_setting_update Write router_bgp_update router_bgp_update Write router_static_create router_static_create Write router_static_update router_static_update Write system_admin_create system_admin_create Write system_dhcp_server_create system_dhcp_server_create Write system_dns_update system_dns_update Write system_global_update system_global_update Write system_interface_create system_interface_create Write system_interface_update system_interface_update Write system_ntp_update system_ntp_update Write user_group_create user_group_create Write user_ldap_create user_ldap_create Write user_local_create user_local_create Write user_local_update user_local_update Write user_radius_create user_radius_create Write vpn_ipsec_phase1_create vpn_ipsec_phase1_create Write vpn_ipsec_phase1_update vpn_ipsec_phase1_update Write vpn_ipsec_phase2_create vpn_ipsec_phase2_create Write vpn_ssl_portal_create vpn_ssl_portal_create Write vpn_ssl_settings_update vpn_ssl_settings_update Write wifi_vap_create wifi_vap_create
READ 183 tools
Read system_performance_status Get performance statistics (CPU usage per core, memory, network throughput). Read antivirus_profile_get antivirus_profile_get Read antivirus_profile_list List all antivirus profiles. Read antivirus_settings_get Get antivirus engine settings (scan cache, exclusions). Read application_group_list List all application groups. Read application_list_get application_list_get Read application_list_profiles List all Application Control profiles. Read automation_setting_get Get global automation settings. Read certificate_ca_list List trusted CA certificates. Read certificate_local_list List local (device) certificates. Read cmdb_get cmdb_get Read cmdb_list cmdb_list Read dlp_dictionary_list List all DLP data dictionaries. Read dlp_filepattern_list List all DLP file pattern tables. Read dlp_sensor_list List all DLP sensors. Read dnsfilter_domain_filter_list List DNS domain filter tables (custom domain block/allow). Read dnsfilter_profile_list List all DNS filter profiles. Read emailfilter_bwl_list List email filter block/allow lists. Read emailfilter_profile_list List all email filter profiles. Read file_filter_profile_list List all file filter profiles. Read firewall_address_get firewall_address_get Read firewall_address_list firewall_address_list Read firewall_addrgrp_get firewall_addrgrp_get Read firewall_addrgrp_list List all IPv4 firewall address groups. Read firewall_central_snat_list List all central SNAT (outgoing NAT) rules. Read firewall_ippool_list List all IP pool (source NAT) objects. Read firewall_policy_get firewall_policy_get Read firewall_policy_list firewall_policy_list Read firewall_policy6_list List all IPv6 firewall policies. Read firewall_service_get firewall_service_get Read firewall_service_grp_list List all firewall service groups. Read firewall_service_list List all custom firewall service objects. Read firewall_shaping_policy_list List all traffic shaping policies. Read firewall_ssl_ssh_profile_list List all SSL/SSH deep inspection profiles. Read firewall_vip_get firewall_vip_get Read firewall_vip_list List all Virtual IP (DNAT) objects. Read firewall_vipgrp_list List all VIP groups. Read icap_profile_list List all ICAP profiles. Read icap_server_list List all ICAP server configurations. Read ips_custom_list List all custom IPS signatures. Read ips_sensor_get ips_sensor_get Read ips_sensor_list List all IPS sensor profiles. Read log_app_ctrl log_app_ctrl Read log_disk_filter_get Get the disk log filter settings (which log types are enabled). Read log_disk_setting_get Get the disk logging settings (log level, max log size, etc.). Read log_dns log_dns Read log_event_system log_event_system Read log_event_user log_event_user Read log_event_vpn log_event_vpn Read log_fortianalyzer_setting_get Get FortiAnalyzer logging configuration (server, port, status). Read log_get log_get Read log_ips_attack log_ips_attack Read log_memory_setting_get Get the memory logging settings. Read log_query log_query Read log_syslogd_get Get the primary Syslog server configuration. Read log_traffic_forward log_traffic_forward Read log_traffic_local log_traffic_local Read log_virus log_virus Read log_webfilter log_webfilter Read monitor_endpoint_record_list monitor_endpoint_record_list Read monitor_endpoint_summary Get endpoint control (FortiClient) summary statistics. Read monitor_firewall_address_dynamic Get resolved IPs for all dynamic/FQDN firewall address objects. Read monitor_firewall_ip_list List active banned/exempt IPs in the firewall. Read monitor_firewall_policy_stats Get hit counts, bytes, and packet statistics per firewall policy. Read monitor_firewall_session_list monitor_firewall_session_list Read monitor_fortiview_top_applications monitor_fortiview_top_applications Read monitor_fortiview_top_destinations monitor_fortiview_top_destinations Read monitor_fortiview_top_sources monitor_fortiview_top_sources Read monitor_fortiview_top_threat_map Get FortiView threat map data (geo-blocking source countries). Read monitor_geoip_lookup monitor_geoip_lookup Read monitor_get monitor_get Read monitor_interface_dhcp_status monitor_interface_dhcp_status Read monitor_interface_stats monitor_interface_stats Read monitor_ips_anomaly Get IPS anomaly detection statistics. Read monitor_license_forticare_resellers Get FortiCare reseller and support contract information. Read monitor_license_status Get FortiGuard license and subscription status for all services. Read monitor_network_arp_list Get the ARP table (IP-to-MAC address mappings). Read monitor_network_lldp_neighbors Get LLDP neighbor information discovered on all interfaces. Read monitor_router_ipv4 Get the active IPv4 routing table (all routes in the FIB). Read monitor_router_ipv6 Get the active IPv6 routing table. Read monitor_router_lookup monitor_router_lookup Read monitor_router_lookup6 monitor_router_lookup6 Read monitor_router_statistics Get routing protocol statistics (BGP, OSPF, RIP adjacencies/neighbors). Read monitor_sdwan_health_check Get SD-WAN performance SLA health check results. Read monitor_sdwan_members Get SD-WAN member interface status and bandwidth usage. Read monitor_security_rating_summary Get the Security Rating summary score and findings. Read monitor_switch_controller_managed_switch Get status of all FortiSwitch managed switches. Read monitor_switch_controller_port_stats monitor_switch_controller_port_stats Read monitor_system_config_backup monitor_system_config_backup Read monitor_system_process_list List running FortiOS processes with CPU and memory usage. Read monitor_user_firewall monitor_user_firewall Read monitor_user_fortitoken_list List FortiToken hardware/software tokens and their status. Read monitor_utm_app_categories Get UTM application category statistics. Read monitor_vpn_certificate_valid Check validity status of all VPN-related certificates. Read monitor_vpn_ipsec Get status of all IPsec VPN tunnels (up/down, bytes transferred, SAs). Read monitor_vpn_ipsec_tunnel_down monitor_vpn_ipsec_tunnel_down Read monitor_vpn_ipsec_tunnel_up monitor_vpn_ipsec_tunnel_up Read monitor_vpn_ssl_list List active SSL VPN sessions. Read monitor_wifi_ap_status monitor_wifi_ap_status Read monitor_wifi_client_list monitor_wifi_client_list Read monitor_wifi_interfering_ap Get list of interfering (neighbor) Access Points detected on RF scan. Read monitor_wifi_managed_ap Get detailed status of all managed Access Points (online/offline, channel, clients). Read monitor_wifi_rogue_ap Get list of detected rogue (unauthorized) Access Points. Read monitor_wifi_spectrum_analysis Get RF spectrum analysis data from APs that support it. Read router_access_list_list List all router access lists (ACL for routing). Read router_bgp_get Get BGP routing configuration (ASN, peers, networks, redistribute). Read router_community_list_list List all BGP community lists. Read router_ospf_get Get OSPF routing configuration (areas, networks, neighbors, redistribute). Read router_ospf6_get Get OSPFv3 (IPv6) routing configuration. Read router_policy_list List all policy-based routing rules. Read router_prefix_list_list List all IPv4 prefix lists (used in route filtering). Read router_rip_get Get RIPv1/v2 routing configuration. Read router_route_map_list List all route-maps (used for route filtering and attribute modification). Read router_sdwan_get Get the SD-WAN (virtual-WAN) configuration. Read router_static_get router_static_get Read router_static_list List all IPv4 static routes. Read router_static6_list List all IPv6 static routes. Read ssh_filter_profile_list List all SSH filter profiles. Read system_admin_get system_admin_get Read system_admin_list List all administrator accounts. Read system_dhcp_server_get system_dhcp_server_get Read system_dhcp_server_list List all DHCP server instances. Read system_dns_get Get DNS server configuration (primary, secondary, search domains). Read system_firmware_list List available firmware versions for upgrade. Read system_fortiguard_status Get FortiGuard service registration and update status. Read system_global_get Get FortiOS global settings (hostname, admin timeout, language, etc.). Read system_ha_status Get High Availability (HA) cluster status. Read system_interface_get system_interface_get Read system_interface_list system_interface_list Read system_ntp_get Get NTP synchronization configuration. Read system_resource_usage Get real-time resource usage: CPU, memory, disk, sessions. Read system_snmp_community_list List SNMP v1/v2c communities. Read system_snmp_sysinfo_get Get SNMP system info (contact, location, description, trap thresholds). Read system_snmp_user_list List SNMPv3 users. Read system_status Get the FortiOS system status (firmware version, hostname, serial number, Read system_time_get Get the current system time and timezone. Read system_vdom_list List all configured VDOMs. Read user_group_get user_group_get Read user_group_list List all user groups. Read user_ldap_list List all LDAP authentication server configurations. Read user_local_get user_local_get Read user_local_list List all local user accounts. Read user_radius_get user_radius_get Read user_radius_list List all RADIUS authentication server configurations. Read user_saml_list List all SAML identity provider configurations. Read user_tacacs_list List all TACACS+ authentication server configurations. Read voip_profile_list List all VoIP (SIP/SCCP) inspection profiles. Read vpn_certificate_ca_list List all VPN CA certificates. Read vpn_certificate_local_list List all VPN local (device) certificates. Read vpn_certificate_ocsp_server_list List OCSP server configurations for certificate revocation checking. Read vpn_certificate_remote_list List all remote (peer) VPN certificates. Read vpn_ipsec_phase1_get vpn_ipsec_phase1_get Read vpn_ipsec_phase1_list List all IPsec VPN Phase 1 (IKE gateway) interfaces. Read vpn_ipsec_phase2_get vpn_ipsec_phase2_get Read vpn_ipsec_phase2_list List all IPsec VPN Phase 2 (SA / child SA) selectors. Read vpn_ssl_portal_get vpn_ssl_portal_get Read vpn_ssl_portal_list List all SSL VPN portals. Read vpn_ssl_settings_get Get SSL VPN global settings (port, certificates, idle timeout, etc.). Read vpn_ssl_web_host_check_software_list List SSL VPN host check software (endpoint compliance) rules. Read waf_profile_list List all WAF profiles. Read waf_signature_list List all WAF signature configurations. Read webfilter_content_list List all web content filter (keyword) tables. Read webfilter_override_list List all web filter category override rules. Read webfilter_profile_get webfilter_profile_get Read webfilter_profile_list List all web filter profiles. Read webfilter_urlfilter_list List all URL filter tables (custom URL block/allow lists). Read wifi_controller_setting_get Get wireless controller global settings. Read wifi_hotspot20_profile_list List all Hotspot 2.0 (Passpoint) profiles. Read wifi_qos_profile_list List all wireless QoS profiles. Read wifi_rf_analysis_get Get wireless RF analysis settings. Read wifi_vap_get wifi_vap_get Read wifi_vap_group_list List all VAP groups (SSID bundles). Read wifi_vap_list List all VAPs (Virtual APs / SSIDs). Read wifi_wtp_get wifi_wtp_get Read wifi_wtp_list List all registered WTPs (Access Points) with their configuration. Read wifi_wtp_profile_get wifi_wtp_profile_get Read wifi_wtp_profile_list List all WTP (Wireless Termination Point / AP) profiles. Read ztna_server_list List all ZTNA access proxy (application gateway) servers. Read ztna_tag_policy_list List all ZTNA EMS tag (posture check) policies. Read firewall_schedule_one_time_list List all one-time schedules. Read firewall_schedule_recurring_list List all recurring schedules. Read system_autoupdate_schedule_get Get the FortiGuard auto-update schedule. Read virtual_patch_profile_list List all Virtual Patch profiles (inline IPS pre-patching).
OTHER 2 tools
Other monitor_action monitor_action Other service_call service_call
EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Sperax Ecosystem Crypto & DeFI MCP Server 1318 tools
adminautomation
Mcp Afip 1300 tools
adminautomation
Mcp Ap2 1300 tools
adminautomation
BNB Chain MCP 1240 tools
adminautomation
Nodebench 824 tools
adminautomation
Amazon Bedrock Knowledge Base Retrieval MCP Server 805 tools
adminautomation
Amazon Data Processing MCP Server 805 tools
adminautomation
Amazon ECS MCP Server 805 tools
adminautomation
FAQ

Questions about FortiOS 7 6 X MCP Server

Can an AI agent delete data through the FortiOS 7 6 X MCP Server MCP server? +

Yes. The FortiOS 7 6 X MCP Server server exposes 17 destructive tools including cmdb_delete, firewall_address_delete, firewall_addrgrp_delete. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through FortiOS 7 6 X MCP Server? +

The FortiOS 7 6 X MCP Server server has 35 write tools including antivirus_profile_create, cmdb_create, cmdb_update. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach FortiOS 7 6 X MCP Server.

How many tools does the FortiOS 7 6 X MCP Server MCP server expose? +

240 tools across 4 categories: Destructive, Execute, Read, Write. 183 are read-only. 57 can modify, create, or delete data.

How do I enforce a policy on FortiOS 7 6 X MCP Server? +

Register the FortiOS 7 6 X MCP Server MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every FortiOS 7 6 X MCP Server tool call.

Deterministic rules across all 240 FortiOS 7 6 X MCP Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON FORTIOS 7 6 X →

Free to start. No card required.

240 FortiOS 7 6 X MCP Server tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.