NetClaw Now Speaks Prisma SD-WAN
We’re excited to announce that NetClaw now integrates with Palo Alto Networks Prisma SD-WAN, bringing complete fabric visibility through natural language queries. This integration adds 4 new skills backed by 16 tools, enabling network engineers to discover topology, monitor health, inspect configurations, and view application definitions without leaving the CLI.
What’s New
The Prisma SD-WAN integration leverages the community MCP server from iamdheerajdubey/prisma-sdwan-mcp, providing read-only access to your SD-WAN fabric through 16 tools organized into 4 purpose-built skills:
prisma-sdwan-topology (4 tools)
Discover your entire SD-WAN fabric through natural language:
- get_sites — List all sites with element counts and addresses
- get_elements — View ION devices (routers) by site
- get_machines — Audit hardware inventory with serial numbers
- get_topology — Visualize site-to-site VPN connectivity
Example: "Show me all SD-WAN sites" returns a complete inventory with element counts.
prisma-sdwan-status (4 tools)
Monitor fabric health without clicking through dashboards:
- get_element_status — CPU, memory, uptime, online/offline state
- get_software_status — Current versions and upgrade availability
- get_events — Recent operational events with severity
- get_alarms — Active critical and major alarms
Example: "Are there any critical SD-WAN alarms?" instantly surfaces issues requiring attention.
prisma-sdwan-config (7 tools)
Inspect configurations across the fabric:
- get_interfaces — LAN/WAN interface configurations per element
- get_wan_interfaces — WAN circuit details with bandwidth and BFD
- get_bgp_peers — BGP peering configurations and session states
- get_static_routes — Static route tables per element
- get_policy_sets — Policy set definitions
- get_security_zones — Security zone configurations
- generate_site_config — Export validated YAML for offline review
Example: "What BGP peers are configured on hq-router-1?" shows peering state instantly.
prisma-sdwan-apps (1 tool)
Understand application-aware policies:
- get_app_defs — Application definitions with categories and risk levels
Example: "List high-risk applications" helps identify policy opportunities.
Why This Matters
SD-WAN operations typically require navigating through web consoles, clicking through multiple tabs, and mentally correlating information across screens. With NetClaw’s Prisma SD-WAN integration:
- One question, one answer: Ask "which elements are offline?" instead of navigating to device inventory, filtering by status, and scrolling through results.
- Cross-domain correlation: Combine SD-WAN queries with other NetClaw skills. Check NetBox for expected device counts, compare with actual Prisma inventory, and flag discrepancies—all in one conversation.
- Audit trail: Every query is logged to GAIT, providing a complete record of what was asked and what was found.
Getting Started
Prerequisites
- Palo Alto Networks Prisma Access/SASE subscription with SD-WAN enabled
- Service account with SD-WAN API permissions
Configuration
- Run ./scripts/install.sh to clone the MCP server
- Configure your .env file:
PAN_CLIENT_ID=name@tsg.iam.panserviceaccount.com
PAN_CLIENT_SECRET=your-secret-key
PAN_TSG_ID=your-tenant-service-group-id
PAN_REGION=americas # or europe
- Start NetClaw and ask: "List all SD-WAN sites"
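A preflight check for the .env file from the steps above, as an added example that is not part of NetClaw or the MCP server: it confirms the four PAN_ variables are set, that none still holds the sample value shown in this post, and that the file carrying PAN_CLIENT_SECRET is readable only by its owner. The function names check_env_file and env_value are hypothetical.

```shell
#!/bin/sh
# Added example: preflight check for the .env file described in this post.
# The placeholder strings below are the sample values shown in the post.
# Function names are hypothetical, not part of NetClaw.

# env_value FILE KEY -> prints the value with any inline "# comment" stripped
env_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]#.*$//' -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/'
}

# check_env_file FILE -> exit status is the number of problems found (0 = OK)
check_env_file() {
    f=$1
    problems=0
    if [ ! -f "$f" ]; then
        echo "missing: $f"
        return 1
    fi
    # The file holds PAN_CLIENT_SECRET: no group/other permission bits allowed.
    perms=$(ls -ld "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "permissions too open on $f (fix: chmod 600 $f)"
        problems=$((problems + 1))
    fi
    for key in PAN_CLIENT_ID PAN_CLIENT_SECRET PAN_TSG_ID PAN_REGION; do
        val=$(env_value "$f" "$key")
        # Report only the key name, never the value, so secrets stay out of logs.
        case $val in
            "")
                echo "$key is unset or empty"
                problems=$((problems + 1)) ;;
            name@tsg.iam.panserviceaccount.com|your-secret-key|your-tenant-service-group-id)
                echo "$key still holds the sample placeholder"
                problems=$((problems + 1)) ;;
        esac
    done
    return "$problems"
}
```

Source the file and run check_env_file .env before starting NetClaw; a non-zero exit status is the count of findings.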
Read-Only by Design
This integration is intentionally read-only. All 16 tools query state without making changes, which means:
- No ServiceNow Change Request gating required
- No risk of accidental configuration changes
- Safe for production environments
What’s Next
The Prisma SD-WAN integration is our 45th MCP server integration and brings NetClaw to 106 total skills. We continue to expand multi-vendor coverage while maintaining our core principle: network engineers should be able to ask questions in natural language and get precise, actionable answers.
NetClaw is an open-source CCIE-level digital coworker that brings network automation to the CLI through Model Context Protocol (MCP) integrations. Learn more at github.com/automateyournetwork/netclaw.
