Cisco Support Community

Monitor-interface command on FWSM


I am confused about the failover process on 6500. The doc says that if the firewall does not receive hello on failover link, it does network activity test on the interfaces. My question is what if the interfaces have gone down on a firewall but the unit is still responding on failover interface, will this cause a failover or not?

What is the relevance of the monitor-interface command?

Please help.


Re: Monitor-interface command on FWSM

Hi there,

With the monitor-interface command you are telling the FWSM to exchange hellos between the interface being monitored, and the same interface on the secondary or standby device. So the hello traffic for any given monitored interface is traversing the network between the interfaces, not through the failover link.

The command is relevant to all interfaces you want to be monitored for the configured failover interface-policy on the device. For example, if you leave the default failover policy as 1, then the failure of 1 monitored interface will trigger the device to fail over to the standby. You can use the failover interface-policy command to change it to any number or percentage of monitored interfaces.

Hope that helps!
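
A simplified model of the threshold described in the reply above, added here as an example; it is not part of the original thread and is not Cisco's implementation. The interface names, the sample configuration and the rounding of percentages are assumptions, and the model only counts monitored interfaces already marked as failed; it does not reproduce how the module tests an interface.

```python
import math
import re

# Constructed sample configuration (interface names are made up for this example).
SAMPLE_CONFIG = """\
failover
monitor-interface inside
monitor-interface outside
monitor-interface dmz
failover interface-policy 50%
"""


def parse_failover_config(text):
    """Return (monitored interface names, policy string); policy defaults to "1"."""
    monitored, policy = [], "1"
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"monitor-interface\s+(\S+)", line)
        if m:
            monitored.append(m.group(1))
            continue
        m = re.fullmatch(r"failover interface-policy\s+(\d+%?)", line)
        if m:
            policy = m.group(1)
    return monitored, policy


def failures_needed(policy, monitored_count):
    """Number of failed monitored interfaces that meets the policy."""
    if policy.endswith("%"):
        # Assumption: a percentage is rounded up to whole interfaces.
        return max(1, math.ceil(monitored_count * int(policy[:-1]) / 100))
    return int(policy)


def should_fail_over(config_text, down_interfaces):
    """True if the failed *monitored* interfaces reach the policy threshold."""
    monitored, policy = parse_failover_config(config_text)
    # Interfaces without a monitor-interface line never count toward the policy.
    failed = [name for name in monitored if name in down_interfaces]
    return len(failed) >= failures_needed(policy, len(monitored))
```

In this model the state of the failover link is never consulted: the decision depends only on which monitored interfaces are down and on the configured policy.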
