diff --git a/modules/diagnostics/system-health-check.sh b/modules/diagnostics/system-health-check.sh
index c0e0c77..5e1e78c 100755
--- a/modules/diagnostics/system-health-check.sh
+++ b/modules/diagnostics/system-health-check.sh
@@ -1183,7 +1183,7 @@ analyze_control_panel_services() {
     local panel_issues=""
 
     # Check cPanel services
-    if [ "$SYS_PANEL" = "cpanel" ]; then
+    if [ "$SYS_CONTROL_PANEL" = "cpanel" ]; then
         # Key cPanel services to check
         local cpanel_services=("cpanel" "whostmgrd" "cpsrvd" "tailwatchd" "dnsadmin")
 
@@ -1206,13 +1206,22 @@ This affects control panel functionality" \
         fi
 
     # Check Plesk services
-    elif [ "$SYS_PANEL" = "plesk" ]; then
+    elif [ "$SYS_CONTROL_PANEL" = "plesk" ]; then
         if ! systemctl is-active --quiet psa 2>/dev/null; then
             add_issue "HIGH" "PLESK - Panel service down" \
                 "Plesk service is not running" \
                 "Restart Plesk: systemctl restart psa" \
                 85
         fi
+
+    # Check InterWorx services
+    elif [ "$SYS_CONTROL_PANEL" = "interworx" ]; then
+        if ! systemctl is-active --quiet iworx 2>/dev/null; then
+            add_issue "HIGH" "INTERWORX - Panel service down" \
+                "InterWorx service is not running" \
+                "Restart InterWorx: systemctl restart iworx" \
+                85
+        fi
     fi
 
     # Check web server
@@ -1397,14 +1406,31 @@ Server may not be properly protected" \
 
     # Warn if no firewall detected
     if [ "$firewall_active" -eq 0 ]; then
+        local firewall_recommendation=""
+
+        if [ "$SYS_CONTROL_PANEL" = "cpanel" ]; then
+            firewall_recommendation="CSF (ConfigServer Firewall) is recommended for cPanel:
+    cd /usr/src && wget https://download.configserver.com/csf.tgz
+    tar -xzf csf.tgz && cd csf && sh install.sh"
+        elif [ "$SYS_CONTROL_PANEL" = "plesk" ]; then
+            firewall_recommendation="Plesk includes built-in firewall. Enable it:
+    - Log in to Plesk → Tools & Settings → Firewall
+    - Or use the system firewall (firewalld/iptables)"
+        elif [ "$SYS_CONTROL_PANEL" = "interworx" ]; then
+            firewall_recommendation="InterWorx supports CSF or system firewall:
+    - CSF: cd /usr/src && wget https://download.configserver.com/csf.tgz
+    - Or enable firewalld: systemctl enable --now firewalld"
+        else
+            firewall_recommendation="Enable firewalld or install CSF:
+    - firewalld: systemctl enable --now firewalld
+    - CSF: cd /usr/src && wget https://download.configserver.com/csf.tgz"
+        fi
+
         add_issue "HIGH" "FIREWALL - No active firewall detected" \
-            "No firewall found (CSF, iptables, firewalld)
+            "No firewall found (CSF, iptables, firewalld, Plesk)
 Server is exposed to attacks" \
             "Install and configure a firewall:
-  • CSF (recommended for cPanel):
-    cd /usr/src && wget https://download.configserver.com/csf.tgz
-    tar -xzf csf.tgz && cd csf && sh install.sh
-  • Or enable firewalld: systemctl enable --now firewalld" \
+  • $firewall_recommendation" \
             82
     fi
 }