Grafana Alerts

Overview of Alerts

Grafana alerts allow you to turn the observability dashboards into a proactive monitoring system.

Instead of relying only on manual dashboard checks, you can configure rules that automatically notify you when SD-WAN metrics indicate a problem.

Alerts are prioritized based on importance. Make sure the label is configured on all alert rules.

For example:

  • No telemetry received from a Security Gateway

  • A WAN link goes down or changes its status frequently (flapping)

  • Link QoE or MOS score decreases below a threshold

  • VPN tunnels going down while the underlay link is still up

  • Characteristics of steering objects exceed the thresholds for latency / jitter / packet loss

  • High CPU or memory utilization on Security Gateways

With these alerts in place, NOC and operations teams can detect issues early, prioritize troubleshooting, and often resolve problems before end users start to complain.

These Grafana-based alerts are complementary to Check Point Infinity alerts:

  • Infinity alerts focus mainly on security events, management-level status and product-level health (threats, policy, blades, etc.) across the Check Point environment.

  • Grafana SD-WAN alerts are built directly on top of the Skyline/telemetry metrics used by the dashboards and are tailored to network and SD-WAN performance - underlay link quality, overlay tunnel health, QoE/MOS scores, and SD-WAN steering behavior.

Because they are defined in Grafana, these alerts are:

  • Fully customizable - you can change thresholds, add new rules or disable the ones you do not need.

  • Independent of Infinity - useful for customers who want local, high-frequency operation alerts alongside central Infinity alerts.

  • Directly linked to the dashboards - an alert can be opened from Grafana and immediately correlated with the corresponding panels for Security Gateways, ISP links, or VPN tunnels.

Downloading the SD-WAN Alert File

Download the required YAML file from sk180605 > section "SD-WAN Observability".

Adding the YAML File with Alerts

To add the Check Point "SD-WAN.yaml" file to your Grafana environment:

  1. Copy the YAML file to this directory on your Grafana server:

    /etc/grafana/provisioning/alerting/

  If you have a Grafana Docker container:

  1. Copy the file:

    docker cp <Path to YAML_File> <Name of Grafana Docker Container>:/etc/grafana/provisioning/alerting/

    Example:

    docker cp /home/user1/SD-WAN.yaml grafana:/etc/grafana/provisioning/alerting/

  2. Restart the Docker container:

    docker restart <Name of Grafana Docker Container>

    Example:

    docker restart grafana
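
Before copying the file, you can check the Overview requirement that the label is configured on every alert rule. The shell function below is an added example, not part of the Check Point file or documentation; it assumes block-style YAML in which each rule starts with "- uid:", and the label name "severity" and the sample rules are hypothetical.

```shell
# Added example: print the title of every alert rule in a Grafana alerting
# provisioning file that has no non-empty value for LABEL; return 1 if any.
# Assumes block-style YAML where each rule starts with "- uid:".
rules_missing_label() {  # usage: rules_missing_label FILE [LABEL]
    awk -v want="${2:-severity}" '
        function indent(s,  t) { t = s; sub(/^ +/, "", t); return length(s) - length(t) }
        function report() { if (in_rule && !ok) { print title; missing++ } }
        /^ *#/ || /^ *$/ { next }                 # comments and blank lines
        /^ *- uid:/ {                             # start of a rule
            report()
            in_rule = 1; ok = 0; in_labels = 0; title = "(untitled)"
            key_indent = indent($0) + 2           # rule keys sit two columns past the dash
            next
        }
        !in_rule { next }
        {
            ind = indent($0); line = substr($0, ind + 1)
            if (ind < key_indent) { report(); in_rule = 0; next }  # left the rule
            if (in_labels && ind <= key_indent) in_labels = 0      # left the labels block
            if (in_labels) {
                key = substr(line, 1, index(line, ":") - 1)
                val = substr(line, index(line, ":") + 1)
                gsub(/[ "]/, "", val)             # drop spaces and double quotes
                if (key == want && val != "" && val != "\047\047") ok = 1
            } else if (ind == key_indent && line ~ /^title:/) {
                title = line; sub(/^title: */, "", title)
            } else if (ind == key_indent && line ~ /^labels:/) {
                in_labels = 1
            }
        }
        END { report(); exit (missing > 0) }
    ' "$1"
}

# Constructed sample (not the Check Point file): the second rule has no labels.
sample_rules() {
    cat <<'EOF'
groups:
  - name: sdwan
    rules:
      - uid: r1
        title: WAN link down
        labels:
          severity: critical
      - uid: r2
        title: Tunnel down
EOF
}
```

Run it as `rules_missing_label /home/user1/SD-WAN.yaml <label name>` and copy the file only when it prints nothing and returns 0.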

Removing the YAML File with Alerts

If an issue occurs after loading the YAML file with alerts, you can remove this YAML file from your Grafana environment.

  1. Find the file location on the Grafana server:

    sudo find /var/lib/docker -maxdepth 10 -type f -name '<Name of YAML File>' 2>/dev/null

    Example:

    sudo find /var/lib/docker -maxdepth 10 -type f -name 'SD-WAN.yaml' 2>/dev/null

  2. Remove the file:

    sudo rm -fr <Path to YAML File>

    Example:

    sudo rm -fr /var/lib/docker/overlay2/e821d4d9d2d81e058d3d70c232361e32c8ba25dec6137474214aac40654d3/diff/etc/grafana/provisioning/alerting/Alerts.yaml

  3. Restart the Docker container:

    docker restart <Name of Grafana Docker Container>

    Example:

    docker restart grafana