Sophos XG / XGS Check for CheckMK

Hi CheckMK Community,

i developed a new SNMP Check for CheckMK.

Its used to Monitor Sophos XG / XGS Firewalls.

Feel free to test it and give me your Bug Reports.
Its only tested on some Devices until now.

Tested with CheckMK Enterprise 2.0.0p26 and 2.2.0b4

Releases · matthias1232/kpc_sophosxg · GitHub

To get the check working you need to enable and configure SNMP on your Sophos XG Firewall.
Use this check at your own risk!

Some Description:

Sophos XG/XGS Check for CheckMK


#Powered by K&P Computer -

SNMP Check for Sophos XG/XGS Firewalls:




-Show Device Info including Firmware Version

-HA State





HA State:




Device Infos (Firmware etc.):




Now also available on the CheckMK Exchange


Thank you! The check works - we now have HA monitoring in CheckMK. Great!

Do you think it is possible to check the space of /tmp partition also? Even if it’s temporary stuff, when it’s full, the firewall’s database get stuck.

@Splunkler , there are some infos available in the MIB, but i’m not sure what it monitors exactly because i would need to test it.

1 Like

having a support case open for it at Sophos currently
maybe they can help out. will let you know.

1 Like

Sophos wrote, /tmp monitoring is currently not possible. They created a feature request SFSW-I-1561 for it. Let’s hope, they modify their SNMP implementation in a reasonable time.
Already, your monitoring script saved our as* last week with an other partition runing full.
Thank you!

1 Like

could you post the name of this tool you are using to display the values?

New version is now on Github and Exchange.

  • Added HA current and peer Device Keys in HA Monitoring + HA Port Info and HA Mode.
  • Added Firmware Check WARN (usefull for Distributed Monitoring with many firewalls when you want to check all firewalls for a specific Firmware version.
1 Like

I would strongly recommend to cleanup these checks.

  • Advertisement inside every check output → WHY??
  • One Check Script for Services and one for License would be enough - these checks can generate items.


I can try to improve the package and reduce the scripts to a minimal when i get some more time for this. But the check works for now.

The last request was implementing all appliance keys and i did it now. Im not sure when i have time to improve all scripts again.

The adverts… hmm yes i can understand that but i did it in my working hours and we need this check for our customers, so it‘s not my decision to remove our support Information or not. Customers with problems should contact us for support and i put the information in the detailed output.

But my company allowed me to put the check on github and exchange, so everyone can at least use it for free and also fork it to change the code as long you dont remove our company name and my name as Authors from the Source Code and create an own mkp Package.

Thats all i can offer for now :slight_smile: