I have a box set up with Smoothwall on it. I also have Servers Alive running on my home network. I use Salive to check other boxes, services and my cable connection. I have it checking the Smoothwall box with a ping to see the box and a URL check of the first page on Smoothwall, so I know that the box is up and running. Does Smoothwall have any ports that can be checked?
I don't use Smoothwall (disagreement with them years ago), and don't run a web server on the firewall, but your concept is fine.
What are you running on the firewall, and what rules have you got to protect it? Our firewall does not accept ANY connections from the outside or DMZ, and only accepts SSH from a few specific workstations on the inside network. All other internal connections are rejected. Mail, DNS, FTP, web services and the like _pass through_ the firewall as needed, but the firewall itself has only that one SSH server running, and even that is on a non-standard port number for additional security. The firewall is permitted to initiate connections to the INTERNAL DNS servers and to the log server (system and firewall logs go to a central log server and to a printer in addition to /var/log/*). To see that the firewall is up and running properly, we merely check the firewall log on the log server. There's more than enough 31337 skript kiddiez and Loosedoze worms out there stroking ports for us to know that we have connectivity. We only log attempts to connect to one less commonly used port on the firewall, and that's enough to run through half a box of continuous feed paper in a month. I'd hate to think how fast we'd go through a box if we bothered to log all attempts to connect to the firewall.
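The log-based liveness check described in the reply above, sketched as an added example (not code from either poster): it reports a firewall as silent when the central log server has received nothing from it within a time window. The host names, addresses, port, `FW-DROP` log prefix and 30-minute window are constructed assumptions, and the lines are assumed to be classic BSD syslog, which carries no year.

```python
from datetime import datetime, timedelta

# Constructed sample of what a central log server might hold.
# Hosts, addresses, port and the "FW-DROP" prefix are placeholders.
SAMPLE_LOG = """\
Dec 31 23:40:02 fw1 kernel: FW-DROP IN=eth0 SRC=203.0.113.9 PROTO=TCP DPT=2222
Dec 31 23:41:10 mail1 postfix/smtpd[811]: connect from unknown[203.0.113.50]
Dec 31 23:58:47 fw1 kernel: FW-DROP IN=eth0 SRC=203.0.113.77 PROTO=TCP DPT=2222
not a syslog line
"""

CLOCK_SKEW = timedelta(minutes=5)  # tolerated difference between the two clocks


def last_seen(log_text, host, now):
    """Return the timestamp of the newest line logged by `host`, or None."""
    newest = None
    for line in log_text.splitlines():
        parts = line.split(None, 4)  # month, day, time, host, message
        if len(parts) < 5 or parts[3] != host:
            continue
        stamp = " ".join(parts[:3])
        # No year in the line: try this year first, then last year, so that
        # entries written just before New Year are not read as future dates.
        for year in (now.year, now.year - 1):
            try:
                ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
            except ValueError:
                continue  # malformed stamp, or Feb 29 in a non-leap year
            if ts <= now + CLOCK_SKEW:
                break
        else:
            continue  # no plausible year found: skip the line
        if newest is None or ts > newest:
            newest = ts
    return newest


def firewall_status(log_text, host, now, max_silence=timedelta(minutes=30)):
    """'OK' if `host` logged recently, 'SILENT' if not, 'NO-DATA' if never."""
    seen = last_seen(log_text, host, now)
    if seen is None:
        return "NO-DATA"
    return "OK" if now - seen <= max_silence else "SILENT"


if __name__ == "__main__":
    print(firewall_status(SAMPLE_LOG, "fw1", datetime(2025, 1, 1, 0, 5, 0)))
```

A `SILENT` result does not say which link failed: the firewall, its uplink, or the path to the log server all produce the same silence, so it is a prompt to investigate rather than a diagnosis.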