You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
An MCP (Model Context Protocol) server for the Check Point Management API, enabling AI assistants such as Claude to manage Check Point firewall policy, network objects, NAT rules, and security gateways through natural language.
Features
Traditional mode — individual, named MCP tools for every common operation (show hosts, add rules, publish, etc.)
Code mode — a single checkpoint_execute tool that runs arbitrary JavaScript against the API for advanced automation
Read-only by default; write operations require explicit opt-in
Automatic session management with auto-login
Supports Check Point R80.x and R81.x Management APIs
Full TypeScript with strict types throughout
Prerequisites
Node.js 18 or later
A Check Point SmartCenter or Multi-Domain Management server with the Management API enabled
API access enabled on the management station (mgmt_cli or SmartConsole API access settings)
Network connectivity from the machine running this server to the management API port (default: HTTPS/443)
Installation
git clone https://github.com/cheenu1092-oss/checkpoint-mcp-server.git
cd checkpoint-mcp-server
npm install
npm run build
The build produces two entry points:
File
Description
dist/traditional/index.js
Traditional mode with individual named tools
dist/code-mode/index.js
Code mode with a single checkpoint_execute tool
Configuration
All configuration is supplied via environment variables.
Variable
Required
Default
Description
CHECKPOINT_HOST
Yes
—
Base URL of the management API, e.g. https://192.168.1.100
CHECKPOINT_USERNAME
Yes
—
API administrator username
CHECKPOINT_PASSWORD
Yes
—
API administrator password
CHECKPOINT_DOMAIN
No
—
Domain name (Multi-Domain deployments only)
CHECKPOINT_VERIFY_SSL
No
true
Set to false to skip TLS certificate verification (not recommended for production)
CHECKPOINT_SESSION_TIMEOUT
No
600
Session idle timeout in seconds
CHECKPOINT_ENABLE_WRITE
No
false
Set to true to enable object creation, modification, deletion, and rule management
Usage with Claude Desktop
Add one (or both) of the following entries to your Claude Desktop configuration file.
Execute JavaScript code against the Check Point API
Security Notes
Write operations are disabled by default. You must set CHECKPOINT_ENABLE_WRITE=true to permit any create, update, or delete operation.
Changes are not live until published. All write operations create pending changes in the current session. Call checkpoint_publish (traditional) or await client.publish() (code mode) to commit them. Call checkpoint_discard to roll back.
Code mode executes arbitrary JavaScript in the Node.js process. It is intended for trusted operators and developers only, not for use with untrusted input sources.
Store credentials in environment variables or a secrets manager, never hardcoded in configuration files.
Use a dedicated API administrator account with the minimum required permissions.
Development
# Run tests
npm test# Build all targets
npm run build
# Build individual targets
npm run build:traditional
npm run build:code-mode
License
MIT
About
MCP server for Check Point Management API — firewall policy, objects, NAT, sessions via AI agents