Hello everyone.
Many of our customers are using enterprise-grade firewalls (like Palo Alto Networks, Fortinet, or Check Point) and are monitoring them through checkmk, of course. Mostly via SNMP.
By default, only the “normal” hardware stuff is monitored, such as CPU, memory, and interfaces. There are only a few firewall-/security-related checks built in. (On a Palo: its sessions, state, and users; on a Forti: its sessions, signatures & versions, VPN tunnels.) On https://exchange.checkmk.com/ there are only some outdated plugins available.
→ We want to collect a few “mandatory” checks for firewalls that should be checked by checkmk to give a baseline overview of those firewalls. Maybe some of you already have similar ideas or suggestions for that?
Of course, we cannot monitor our security infrastructure solely with such a monitoring system. There are other products like SIEM/NDR/XDR/whatever for that. It’s more about a rough overview for the 24/7 support team, to get an idea of whether some failures are related to the firewalls or not.
Some ideas would be:
- threats: listed by severity; listed by action (drop or allow); listed by type (if already grouped by the vendor)
- network anomalies: port scans, DDoS, missing ARP/NS
- application/port distribution: listed by sessions and/or throughput
- HA sync
- routing changes (BGP, OSPF)
Please write any ideas you might have or any critical aspects. After that, we will try our best to get some of those basic checks into checkmk.
Thanks,
Johannes