Troubleshoot FTD 'monitor-interface' Commands Not Displayed in 'show run' after Moving from Sub-interfaces to Physical Interfaces

Available Languages

Download Options

  • PDF     (16.2 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (90.5 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (76.2 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:April 28, 2026
Document ID:225817

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Contents

Issue

After moving several sub-interfaces to physical interfaces on Firewall Threat Defense (FTD) 1140 HA pairs, the monitor-interface commands that were previously visible in the output of show run command output are no longer displayed in the standard configuration view. The commands now only appear when using show run all command output. This change occurred even for interfaces that were not modified during the migration.

Our original interfaces were:

  • E1/1 net1

  • E1/2.1 net2

  • E1/2.2 net3

  • E1/2.3 net4

  • E1/2.4 inside

The new interface layout is:

  • E1/1 net1

  • E1/2.4 inside

  • E1/3 net2

  • E1/4 net3

  • E1/5 net4

Prior to the interface changes, the monitor-interface commands appeared in the standard show run command output:

device# show running-config | include monitor-interface
monitor-interface net1
monitor-interface net2
monitor-interface net3
monitor-interface net4
monitor-interface inside
no monitor-interface service-module


After moving from sub-interfaces to physical interfaces, the show run command output only displays a subset of the monitor-interface commands:

device# show running-config | include monitor-interface
monitor-interface inside
no monitor-interface service-module


However, all monitor-interface commands are visible when running show run all command:

device# show running-config all | include monitor-interface
monitor-interface net1
monitor-interface net2
monitor-interface net3
monitor-interface net4
monitor-interface inside
no monitor-interface service-module

This behavior change has impacted compliance monitoring policies that rely on the monitor-interface commands being visible in the standard show run command output.

Environment

  • Cisco Firewall Threat Defense (FTD) 1140 appliances in High Availability (HA) configuration. Other hardware platforms can be also affected.

  • FTD Software Version: 7.6.4. Other software versions can be also affected.

  • Configuration change from sub-interfaces to physical interfaces performed.

Resolution

This behavior is expected and does not indicate a malfunction or software defect. When interfaces are changed from sub-interfaces to physical interfaces, the default monitor-interface behavior changes, and commands that match the default configuration are not explicitly displayed in the standard show run command output. The monitor-interface commands are still active and functional, but they are now considered default configurations for physical interfaces. Default configurations are only visible when using the show run all command output, which displays both explicit and default configurations.

Verification Steps

To verify that monitor-interface functionality is still active, use these commands.

Step 1: Check standard configuration display:

device# show running-config | include monitor-interface


Step 2: Check complete configuration including defaults:

device# show running-config all | include monitor-interface


Step 3: Verify failover monitoring status:

device# show failover


Step 4: To display information about the interfaces monitored for failover:

device# show monitor-interface

The difference in output between show run and show run all command outputs confirms that the monitor-interface commands are functioning as default configurations rather than explicit configurations.

Cause

  • When interfaces are migrated from sub-interfaces to physical interfaces, the FTD system applies different default behaviors for monitor-interface commands.

  • Physical interfaces have monitor-interface enabled by default, so these commands are not explicitly shown in the running configuration unless they differ from the default setting.

  • Sub-interfaces, on the other hand, require explicit monitor-interface configuration, which is why these commands were previously visible in the standard show run command output.

  • This is a behavioral difference between sub-interface and physical interface default configurations, not a software defect.

Related Content

Revision History

Revision Publish Date Comments
1.0
28-Apr-2026
Initial Release
TAC Authored

Contributed by Cisco Engineers

  • Mikis Zafeiroudis
    Cisco TAC Engineer
  • Ilkin Gasimov
    Cisco TAC Engineer

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products