Model Context Protocol (MCP) servers expose a structured, machine-readable API for your enterprise data—designed for AI-powered automation, copilots, and decision engines. By delivering a clear, contextual slice of your network environment, MCP lets you query, analyze, and optimize complex systems without building custom SDKs or parsing raw exports.
Network configurations often span hundreds of interfaces, routing protocols, and security policies across diverse network devices. Understanding, monitoring, or optimizing these environments is slow and error-prone. MCP changes this: exposing network management data in a modular, context-rich format, ready for AI systems to consume. Enabling the AI to use your data with precision. Ask real-world questions, and get structured, actionable answers—instantly.
- Query and visualize network management data such as: DHCP, DNS, NTP,
- Retrieve and analyze networking configurations including BGP, OSPF, IS-IS, PBR, route filters and more.
- List and inspect interfaces
"Show me the status of all BGP peers and identify any that are down."
→ Returns comprehensive BGP peer status with connection states.
"List all PBR rules and show which traffic they're affecting."
→ Surfaces policy-based routing configurations and priorities.
"Check if IPv6 is enabled and show all IS-IS neighbors."
→ Traces network protocol status and adjacency information.
"Show all network interfaces organized by type and their operational status."
→ Delivers structured interface data for topology analysis.
"Verify DNS and NTP settings across all cluster members."
→ Returns network service configurations for validation.
This server uses interactive dialog-based authentication for connecting to Check Point Gaia systems:
- Interactive Prompts: When you first use a tool, the server will prompt you for connection details
- Credential Caching: Authentication credentials are securely cached for 15 minutes per gateway session
- Touch-Based Renewal: Each successful API call extends the cache timeout, keeping active sessions alive
- Per-Gateway Sessions: Each gateway maintains its own independent authentication session
- Automatic Re-authentication: When credentials expire, you'll be prompted again seamlessly
All tools require gateway connection details:
- gateway_ip: IP address of the Gaia gateway
- port: Gateway port (default: 443)
If not explicitly provided, the server will use the most recently used gateway connection details from your session.
User: "Show me BGP summary"
Server: "Please enter gateway IP address (and optional port): "
User: "192.168.1.1"
Server: "Please enter username: "
User: "admin"
Server: "Please enter password: "
User: [password]
Server: [Returns BGP summary data]
# Subsequent calls within 15 minutes use cached credentials
User: "Show BGP peers"
Server: [Returns BGP peers data immediately]
📊 Anonymous Usage Statistics: Check Point collects anonymous usage statistics to help improve this MCP server. To opt out, set
TELEMETRY_DISABLED=trueor use--no-telemetryflag.
Download and install the latest version of Node.js if you don't already have it installed.
You can check your installed version by running:
node -v # Should print "v20" or higher
nvm current # Should print "v20" or higherThis server has been tested with Claude Desktop, Cursor, GitHub Copilot, and Windsurf clients.
It is expected to work with any MCP client that supports the Model Context Protocol.
Note: Due to the nature of network management API calls and the variety of server tools, using this server may require a paid subscription to the model provider to support token limits and context window sizes.
For smaller models, you can reduce token usage by limiting the number of enabled tools in the client.
{
"mcpServers": {
"quantum-gaia": {
"command": "npx",
"args": ["@chkp/quantum-gaia-mcp"]
}
}
}- Download the MCPB file: 📥 gaia.mcpb
- Open Claude Desktop App → Settings → Extensions
- Drag the MCPB file and configure per the instructions.
# Create the config file if it doesn't exist
touch "$HOME/Library/Application Support/Claude/claude_desktop_config.json"
# Open the config file in TextEdit
open -e "$HOME/Library/Application Support/Claude/claude_desktop_config.json"code %APPDATA%\Claude\claude_desktop_config.jsonAdd the server configuration:
{
"mcpServers": {
"quantum-gaia": {
"command": "npx",
"args": ["@chkp/quantum-gaia-mcp"]
}
}
}Enter VSCode settings and type "mcp" in the search bar. You should see the option to edit the configuration file. Add this configuration:
{
...
"mcp": {
"inputs": [],
"servers": {
"quantum-gaia": {
"command": "npx",
"args": [
"@chkp/quantum-gaia-mcp"
]
}
}
},
...
}Enter Windsurf settings and type "mcp" in the search bar. You should see the option to edit the configuration file. Add the configuration as Claude Desktop App.
Enter Cursor settings and click on "MCP Servers" in the left menu. You should see the option to add a new MCP Server. Add the configuration as Claude Desktop App.
- Node.js 20+
- npm 10+
# Install all dependencies
npm install# Build all packages
npm run buildYou can run the server locally for development using MCP Inspector or any compatible MCP client.
node FULL_PATH_TO_SERVER/packages/gaia/dist/index.js- Authentication credentials are never shared with the model. They are used only by the MCP server to authenticate with your Check Point Gaia systems and are cached locally for 15 minutes per session.
- Only use client implementations you trust. Malicious or untrusted clients could misuse your credentials or access data improperly.
- Network management data is exposed to the model. Ensure that you only use models and providers that comply with your organization's policies for handling sensitive network configuration data.
- Secure your MCP client. The interactive authentication dialog will prompt for credentials through your MCP client interface - ensure your client environment is secure.
Anonymous Usage Statistics: Check Point collects anonymous usage statistics to improve this MCP server. Only tool usage patterns and anonymous identifiers are collected—no credentials, policies, or sensitive data.
Opt-Out: Set TELEMETRY_DISABLED=true environment variable or use the --no-telemetry flag to disable telemetry collection.