Hi Guys, very new to CheckMK so be gentle.
I have deployed CheckMK and added my hosts and Fortigate firewall, which works perfectly.
I do however see that although the Fortigate check only reports how many Ipsec Vpn tunnels are Up or down, but I want to monitor a single Vpn tunnel and traffic on it if possible.
The only resources I were ale to find to do the same is for CheckMK version 1.0, and I’m not sure if it is even advisable to try to add them to V2
Would anyone be able to guide an absolute beginner on how to go about getting this monitoring working?
I’ve managed to get the tunnels to show up as interfaces by following the " Network Monitoring with Checkmk: 3 rules to rule them all" post and it is working.
However All the tunnels show as “OK” which i determined is basically a “found and not missing” check, but it doesn’t check whether the tunnel is active or inactive as reported by Fortigate, any way to map the states of these tunnels to show whether they are active or inactive perhaps?
Even if it is just a dashboard view.
In the VPN tunnels check it does show all the inactive tunnels, but it is showing multiples of each tunnel, how do I filter that?
Hi @Raziel_za and welcome to the forum! And to Checkmk for that matter. 
We are currently looking into improving the VPN tunnel monitoring for Fortigate. So while I cannot make any promises things might improve in the future.
With that being said, the approach you chose should at least notify you if a tunnel goes down, in a sense, that the network interface goes down. So if Fortigate keeps the interface online, even if the tunnel is down, Checkmk cannot see that.
There might be several workarounds possible, with different levels of complexity. You could impose thresholds on the interfaces, that notify you, when there is no traffic at all. But that would probably also yield false positive alerts. You could also use a PING or HTTP check, to check a remote IP, that is only accessible, if the tunnel is up. But that would be some manual work.
I cannot say, what would be the best approach for you, but I hope I could give some pointers.
Thank you for the reply robin, I appreciate it.
I am very impressed with CheckMK at this point, however the primary focus for us would be to be able to monitor VPN tunnels whether they are working or not, as we have about 70 business critical tunnels that sometimes would drop at inconvenient times and no one knows about it.
I will see if I can implement any of the suggestions you mentioned
1 Like
This post is maybe, what you already did, but I am leaving it here at least for context: Monitoring VPN tunnels - #7 by Max1