Monitor firewall

Does anyone know a plugin with which I can monitor a firewall with Icinga2?
Mainly looking for WatchGuard.

Regards
Danny

In such cases I always start looking at Nagios Exchange and Icinga Exchange.

Hi Roland, thanks for the reply.

I couldn’t find anything in Icinga Exchange, but in Nagios Exchange there is one that uses a configuration wizard, here.
Can the same, or a different approach, be done with Icinga with the help of Director?

Any help is appreciated

Thanks and Regards,
Danny

I’m sorry but I’m not familiar with NagiosXI nor any of these plugins. In general, any plugin that fulfills the development guidelines can be integrated into icinga resp. director.

Hi,

Besides the links mentioned by @rsx, it would be very helpful to get additional information: what do you expect? And what exactly do you want to monitor?

  • Local Firewalls from Linux/Windows/…-systems? Is it enough if the daemon is running?
  • HW firewall from your company? Is it an appliance or a special Linux server? Is it possible to run an Icinga agent? Do you have remote access? Does an API exist?
  • Check if zones are configured?
  • Check if ports are open?
  • Check if configured permissions are working?
  • Check logfiles for specific events?
    etc. etc.

If I think back to when I read the docs for firewalld, this is just a comprehensive topic. I don’t envy my colleagues from the security department.

Hi @stevie-sy
Thanks for your reply

Need to monitor WatchGuard (hardware firewall) to check the CPU usage, bandwidth usage, and active connections. Also need to monitor different Cisco switches and MikroTik routers.

Is it possible to use NetFlow to show historical and real-time data with Icinga2?

Hi,

Sorry, I don’t know either WatchGuard or NetFlow. Maybe other people in the community know this hardware. But you could check the docs to see if you can access an API or check via SNMP.

For switches and routers, different checks exist on the site linked above. Very often community members are using check_nwc and check_interfaces. Look into their docs to see if your hardware is supported. If not, you can always try to access it with SNMP. Here too you have to check the docs for the correct MIB and OID.

About real-time data: I have no experience with real-time checks in Icinga; maybe others do. Icinga only triggers check scripts/programs at a certain interval and processes the return value. So you have to set the check_period very high, like every x sec. You have to test with your setup whether this works well.