https://community.checkpoint.com/t5/OpenTelemetry-Skyline/CheckPoint-Skyline-for-S2S-monitoring-against-3rd-party-sites/m-p/275349#M748 <P>Hi,<BR /><BR /></P> <P>Without going into the actual question just yet, as I don’t do much VPN probing myself: I suggest you don’t post this question in the Skyline section, as the topic doesn’t get enough attention there. In my opinion, this is purely a VPN-related issue. Skyline would then only display the probe values if necessary.</P> Mon, 13 Apr 2026 10:29:59 GMT Vincent_Bacher 2026-04-13T10:29:59Z https://community.checkpoint.com/t5/OpenTelemetry-Skyline/CheckPoint-Skyline-for-S2S-monitoring-against-3rd-party-sites/m-p/275347#M747 <P>Hello,</P><P>we are attempting to deploy a Skyline monitoring tool with the Grafana/Prometheus deployment. The default dashboards - e.g. Single Device / Devices overview works well, everything loads with data and such. Where we hit a bump is a monitoring of S2S VPNs, where we have encountered multiple different cases:</P><OL><LI>&nbsp;Both tunnels are under our management server</LI><LI>One side is under our management server, one is against third party firewall - and traffic goes both ways</LI><LI>One side is under our management server, one is against third party firewall - and traffic goes only one way</LI></OL><P>Where we struggle is setting up probing against third parties, does not matter if its (Spoofed) ICMP or HTTPs. It seems more like SPI/SA monitoring then tunnel monitoring. It also seems like different values will be loaded depending if the community is set up as one tunnel per gateway / subnet / host.</P><P>I have searched far and wide for the answers but to no avail.</P><P>Do we need to setup a probe for each combination of subnet &lt;-&gt; subnet / host &lt;-&gt; host? Would it be better to change the tunnel configuration to Gateway &lt;-&gt; Gateway?</P><P>Does the probe need to have a status UP to report data? In some cases we have a probe shown as down but we see decrypted/encrypted traffic.</P><P>Does the third side need to allow ICMP/HTTP(s) probing for us to match the correct SPI/SA, as we have dozens to hundred S2S VPNs, this would take a significant chunk of time for negotiations with the 3rd party sides.</P><P>&nbsp;</P><P>Thank you</P><P>&nbsp;</P><P>&nbsp;</P><P>EDIT: Moving question to the VPN section for more attention.</P> Mon, 13 Apr 2026 11:21:05 GMT https://community.checkpoint.com/t5/OpenTelemetry-Skyline/CheckPoint-Skyline-for-S2S-monitoring-against-3rd-party-sites/m-p/275347#M747 Thomola 2026-04-13T11:21:05Z https://community.checkpoint.com/t5/OpenTelemetry-Skyline/CheckPoint-Skyline-for-S2S-monitoring-against-3rd-party-sites/m-p/275349#M748 <P>Hi,<BR /><BR /></P> <P>Without going into the actual question just yet, as I don’t do much VPN probing myself: I suggest you don’t post this question in the Skyline section, as the topic doesn’t get enough attention there. In my opinion, this is purely a VPN-related issue. Skyline would then only display the probe values if necessary.</P> Mon, 13 Apr 2026 10:29:59 GMT https://community.checkpoint.com/t5/OpenTelemetry-Skyline/CheckPoint-Skyline-for-S2S-monitoring-against-3rd-party-sites/m-p/275349#M748 Vincent_Bacher 2026-04-13T10:29:59Z