Check Point Firewall extension
- Latest Dynatrace
- Extension
- Published Oct 27, 2025
Gain insights into the performance of your Check Point Firewall devices.
Get started
Overview
Monitor health state and performance of your Check Point Firewall devices and provide a unified analysis for Ops, DevOps and IT Admins.
The Check Point Firewall extension leverages the SNMP protocol to provide a complete solution to monitor Check Point Firewall Devices. The extension is built on top of the Extension 2.0 Framework and its complete configuration is provided out-of-the-box.
Use cases
Use this extension to:
- Monitor health and performance of your Check Point Firewall devices by polling data for Network Devices and Interfaces.
- Set up alerts to get notified if a monitored interface goes into a
downstate. - Set up alerts to get notified by traffic anomalies.
- Use the extension with the
Infrastructure & Operations for an overview of all monitored Network Devices in the environment.
Requirements
- Activated the extension in your environment using in-product Hub.
- Provided device configuration.
For more information about the configuration, see SNMP Extension Documentation.
Compatibility information
- This extension can only be used with Check Point Firewalls.
- Only SNMPv2c and SNMPv3 are supported.
Details
The extension package contains:
- SNMP Data Source configuration
- New and Classic Dashboard Overviews
- Unified Analysis Screens
- Topology definition and entity extraction rules
- Generic Network Topology Support
For more information, see Simplified observability for your SNMP devices.
Licensing and cost
The Check Point Firewall extension runs most SNMP queries every minute. Once data is produced, it's ingested as metric datapoints and is subject to license consumption. Whether you are on a Classic or DPS license model, the measurement unit for metric ingestion is based on metric datapoints.
Below is a breakdown of metrics by feature set only including metrics collected once per minute (there are two metrics in the default feature set that are collected at a 30 minute interval):
default: 7 x Check Point Firewall Devices + 3 x Check Point Firewall InterfacesCheck Point Device: 15 x Check Point Firewall DevicesInterfaces: 9 x Check Point Firewall Interfaces
For example, if there is a monitoring configuration with all feature sets enabled, containing 1 Check Point Firewall with 1 Interface, the estimated yearly datapoint consumption can be calculated by the following formula:
33 x 60 x 24 x 365 = 17,344,800 metric datapoints per year
In the classic licensing model, metric ingestion will consume Davis Data Units (DDUs) at the rate of .001 DDUs per metric data point.
Multiply the above formula for annual data points by .001 to estimate annual DDU usage.
For more information about licensing costs, see Extending Dynatrace (Davis data units) or Metrics powered by Grail overview (DPS) depending on your license model.
Feature sets
When activating your extension using monitoring configuration, you can limit monitoring to one of the feature sets. To work properly the extension has to collect at least one metric after the activation.
In highly segmented networks, feature sets can reflect the segments of your environment. Then, when you create a monitoring configuration, you can select a feature set and a corresponding ActiveGate group that can connect to this particular segment.
All metrics that aren't categorized into any feature set are considered to be the default and are always reported.
A metric inherits the feature set of a subgroup, which in turn inherits the feature set of a group. Also, the feature set defined on the metric level overrides the feature set defined on the subgroup level, which in turn overrides the feature set defined on the group level.
Interfaces
| Metric name | Metric key | Description |
|---|---|---|
| Bytes in | checkpoint.firewall.if.bytes.in.count | Number of octets received on the interface |
| Packets in | checkpoint.firewall.if.packets.in.count | Number of packets received on the interface |
| Bytes out | checkpoint.firewall.if.bytes.out.count | Number of octets sent on the interface |
| Packets out | checkpoint.firewall.if.packets.out.count | Number of packets sent on the interface |
| Errors in | checkpoint.firewall.if.errors.in.count | Number of packets with errors received on the interface |
| Errors out | checkpoint.firewall.if.errors.out.count | Number of packets with errors sent on the interface |
| Oper status | checkpoint.firewall.if.status.oper | Current operational state |
| Admin status | checkpoint.firewall.if.status.admin | Desired state of interface |
| Speed | checkpoint.firewall.if.speed | Estimate of interface's current bandwidth |
default
| Metric name | Metric key | Description |
|---|---|---|
| Device entity attributes | checkpoint.firewall.entity_attributes | Constant value of 1 used for reporting entity attributes at a lower frequency |
| Physical component state | checkpoint.firewall.component.state | A state metric representing the details of physical components. This is used to collect details about the device stack. Value is always 1; use the dimensions to view details. |
| — | com.dynatrace.extension.network_device.sysuptime | — |
| — | com.dynatrace.extension.network_device.cpu_usage | — |
| — | com.dynatrace.extension.network_device.memory_used | — |
| — | com.dynatrace.extension.network_device.memory_free | — |
| — | com.dynatrace.extension.network_device.if.bytes_in.count | — |
| — | com.dynatrace.extension.network_device.if.bytes_out.count | — |
| — | com.dynatrace.extension.network_device.if.status | — |
Check Point Device
| Metric name | Metric key | Description |
|---|---|---|
| Disk percent | checkpoint.firewall.disk.percent | Percent of free space |
| Users connected | checkpoint.firewall.users.connected | Number of connected users |
| Accepted packets | checkpoint.firewall.packets.accepted.count | Accepted packets |
| Dropped packets | checkpoint.firewall.packets.dropped.count | Dropped packets |
| Logged packets | checkpoint.firewall.packets.logged.count | Logged packets |
| Rejected packets | checkpoint.firewall.packets.rejected.count | Rejected packets |
| Number of connections | checkpoint.firewall.connections | Number of connections |
| Peak number of connections | checkpoint.firewall.connections.peak | Peak number of connections |
| Active real memory | checkpoint.firewall.memory.active.real | Active real memory |
| Active virtual memory | checkpoint.firewall.memory.active.virtual | Active virtual memory |
| Free real memory | checkpoint.firewall.memory.free.real | Free real memory |
| Processor system time | checkpoint.firewall.cpu.time.system | Processor system time |
| Processor usage | checkpoint.firewall.cpu.usage | Processor usage |
| Processor user time | checkpoint.firewall.cpu.time.user | Processor user time |
| System uptime | checkpoint.firewall.sysuptime | The system up time since boot, in system ticks (hundredths of a second) |
Troubleshooting
To troubleshoot this extension, use the guides available in the Dynatrace Community, and Dynatrace Documentation.
