File: //usr/lib/netdata/conf.d/health.d/azure_monitor_firewall.conf
# you can disable an alarm notification by setting the 'to' line to: silent
# --- Health ---
template: am_firewall_health
on: azure_monitor.firewall.health
class: Availability
type: Other
component: Azure Firewall
lookup: average -5m unaligned of average
units: percentage
every: 1m
warn: $this < (($status >= $WARNING) ? (99) : (90))
crit: $this < (($status == $CRITICAL) ? (90) : (80))
delay: down 5m multiplier 1.5 max 1h
summary: Firewall health on ${label:resource_name}
info: Health state of Azure Firewall ${label:resource_name} \
in ${label:resource_group} (${label:region}). \
AMBA threshold is 90%. Values below 100% indicate partial degradation
to: sysadmin
# --- Latency ---
template: am_firewall_latency
on: azure_monitor.firewall.latency
class: Latency
type: Other
component: Azure Firewall
lookup: average -5m unaligned of average
units: milliseconds
every: 1m
warn: $this > (($status >= $WARNING) ? (10) : (20))
crit: $this > (($status == $CRITICAL) ? (20) : (50))
delay: down 5m multiplier 1.5 max 1h
summary: Firewall latency on ${label:resource_name}
info: Average latency probe of Azure Firewall ${label:resource_name} \
in ${label:resource_group} (${label:region}). \
High latency indicates firewall processing delays
to: sysadmin
# --- SNAT Port Utilization ---
template: am_firewall_snat_port_utilization
on: azure_monitor.firewall.snat_port_utilization
class: Utilization
type: Other
component: Azure Firewall
lookup: average -5m unaligned of average
units: percentage
every: 1m
warn: $this > (($status >= $WARNING) ? (60) : (80))
crit: $this > (($status == $CRITICAL) ? (80) : (95))
delay: down 5m multiplier 1.5 max 1h
summary: Firewall SNAT port utilization on ${label:resource_name}
info: SNAT port utilization of Azure Firewall ${label:resource_name} \
in ${label:resource_group} (${label:region}). \
AMBA threshold is 80%. Exhaustion causes outbound connection failures
to: sysadmin