Skip to content
 
 

Cloud.Red MCP

An MCP for your F5 BIG-IP fleet.

Stop hunting through portals. SSH into any device, push a config, or open a web console with a single command. SSO-secured. AI + MCP ready. Installs in under 2 minutes. Enabled by Cloud.Red CLI.

Book a 20-Minute Demo
Under 2 minInstall time
 
ZeroDependencies
 
6 platformsLinux · macOS · Windows
 
 
 
Terminal — crcli
# SSH any device by hostname
$ crcli devices ssh bigip-prod-01
Connected to bigip-prod-01 (10.1.1.50)
 
# Pull configs from an entire HA pair
$ crcli devicegroups pull prod-ha /config/bigip.conf -o ./configs/
✓ bigip-prod-01_bigip.conf (24.3 KB)
✓ bigip-prod-02_bigip.conf (24.1 KB)
 
# Run a script across multiple groups
$ crcli devicegroups ssh prod-ha dr-ha -S ./check.sh --group
[bigip-prod-01] All pools healthy
[bigip-dr-01] pool_web: 1 member down
 
# Open the web console
$ crcli devices web bigip-prod-01
Opening TMUI in browser...
 
Now Available — MCP Integration

Your AI Assistant.
Your F5 Estate.
Finally Connected.

Cloud.Red MCP gives any AI assistant secure, real-time access to your F5 and NGINX infrastructure — so you can ask questions in plain English and get answers in seconds.

Ask your AI assistant:
 
"Which BIG-IP devices have expiring certificates?"
Certificate lifecycle & compliance
 
"Show me the health of my F5 estate."
Fleet-wide observability
 
"Identify configuration drift across environments."
Config consistency & drift detection
 
"Summarize and review device logs."
Log intelligence & analysis
 
"Help troubleshoot this before it becomes an outage."
Proactive incident prevention
How it works
1
Add the MCP server to your AI client
Works with Claude, Cursor, Copilot, and any MCP-compatible assistant.
2
Authenticate with your existing SSO
Full RBAC enforcement — your permissions follow your AI.
3
Ask in natural language
Get real answers from your live infrastructure. No dashboards. No logs. Just answers.
Secured by Cloud.Red RBAC
Your AI assistant only sees what you're authorized to see. Every interaction is logged with your identity — just like any other Cloud.Red operation.
Read the MCP Docs
 
See the Difference

Six clicks become one line.

Without crcli

  Open the customer portal
  Find the device by name or UUID
  Click the SSH or web button
  Wait for the session to spawn
  Repeat for every device

With crcli

# SSH any device by hostname$ crcli devices ssh bigip-prod-01
# Pull a config to your laptop$ crcli devices pull bigip-prod-01 /config/bigip.conf
# Open the web UI$ crcli devices web bigip-prod-01
Before & After

Stop doing this the hard way.

crcli replaces fragmented, manual workflows with a single unified tool.

Before crcli
Manually SSH into each device by IP address
Run scripts one device at a time
Maintain separate credentials per device
No audit trail for CLI operations
Dig through dashboards and logs manually
With crcli
Reach any device by hostname from anywhere
Execute scripts across entire device groups in parallel
Single OAuth SSO login, full RBAC enforcement
Every action logged with authenticated user identity
Ask your AI assistant what needs attention right now
Why crcli

Three reasons your team will
never go back to the portal.

01

Your Scripts. Your Fleet. Explained by AI. Industry First

That pool health check script already lives in your repo, in version control, next to the rest of your code. Cloud.Red MCP means you don't open a console to run it. You just ask. Claude reaches into your fleet through the MCP connector, finds both BIG-IPs by hostname (no UUIDs), runs your script against each one, and reads the results back to you — pools with no monitor, every member that's down, and the exact reason each health check failed. Across both devices. In one ask. Every action logged.

  • "Run my pool health check against both BIG-IPs in prod-ha and summarize"
  • "Which pools have no monitor configured across my fleet?"
  • "List every pool member that's down and why the health check failed"
02
From "Capture This" to "Here's the Problem"

Chasing a connection problem used to mean SSH-ing to the box, remembering the exact tcpdump flags, and squinting at a wall of packets. With Cloud.Red MCP, you describe what you want to see. Claude runs the capture live on the BIG-IP, 50 packets to that host on that port, using the correct F5 interface syntax. Then it reads the capture back: who's talking to whom, the handshake, the retransmit, and exactly where the conversation stalls. Not raw output. An explanation of what it means. Without leaving the conversation.

  • "Capture 50 packets to 10.1.2.50 on port 443 on bigip-prod-01"
  • "Read that capture and tell me where the connection is stalling"
  • "Summarize the handshake and flag any retransmits"
03
Zero to Fleet-Ready in One Login

Point Cloud.Red MCP at your tenant with one command and it knows your fleet: your devices, your groups, your permissions. Then log in once. Browser SSO completes and that single session covers everything, the CLI, your scripts, and AI through the MCP connector. No copying configs between windows, no portal tab, no separate credentials. Hostnames, not UUIDs. And whether you typed the command or AI did, every action is logged under the same authenticated identity.

  • crcli setup <your-tenant>  ← one command, fleet discovered
  • crcli auth login  ← browser SSO, covers CLI + scripts + AI
  • crcli devicegroups ssh prod-ha -S ./pool_health_check.py  ← both BIG-IPs, one line
 
What's Inside

Everything your team needs.

 
Hostname Resolution
No more UUID hunting. Use hostnames everywhere.
 
HA Pair as One
Target active, standby, or both with a single flag.
 
Bulk File Transfer
Push or pull files across a group simultaneously.
 
Interactive Selector
Searchable device picker with fuzzy search.
 
iControl REST Proxy
Authenticated session, ready for your scripts.
New
 
MCP Server
For Claude, Cursor, and any AI assistant.
 
Shell Completions
Bash and Zsh completions out of the box.
 
Self-Update
One command to check and apply updates.
Download

One binary. Zero dependencies.

Download the binary for your platform and drop it in your PATH.

admin.cloud.red/downloads/crcli/<os>/<arch>/
Get Started

Up and running in under 2 minutes.

 
1

Download the Binary

One static binary. No runtime. No package manager required.

LinuxmacOSWindows
 
2

Point It at Your Tenant

Your tenant name is the subdomain of your Cloud Red portal URL.

$ crcli setup <your-tenant>
 
3

Authenticate via SSO

Browser opens. Complete your login. Token stored in keychain. Done.

$ crcli auth login
WorldTech IT · Cloud.Red

20 minutes. That’s all we need.

See Cloud.Red MCP running against a live fleet. No slides. No pitch deck. Just a terminal and your questions.

Live terminal demo Real fleet, real commands No slides, no pitch deck
Book Your 20-Minute Demo