Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
slouw
Contributor

Created on ‎12-10-2023 09:30 PM

system interface config missing from show and show full-configuration

Why can I not see the interface config in the show or show full-configuration CLI outputs?

 

There seems to be a relationship between the following 2 command formats:

show <<pathway>>

config <<pathway>>

So for instance

config vpn ipsec phase1-interface

show vpn ipsec phase1-interface

The <<pathway>> paragraph can also (usually?/Always?) be found in the show  and/or show full-configuration CLI output.  This relationship holds for the <<system interface>> pathway but this configu is missing from from the show and show full-configuration.

I am speaking of the production VDOM in this case (FG-traffic) as you can see below) but I have checked the root VDOM as well. Nothing.

What am I missing?

2023-12-11 15h20m20 6954S show system interfaces.png

Labels:
4514
0 Kudos
1 Solution
Toshi_Esumi
SuperUser
SuperUser
In response to slouw

Created on ‎12-11-2023 03:42 PM

Again, because you are in vdom "FG-traffic" config mode. Just "end" to get out of vdom config mode, then get in "config global". Then show would show the interface config.
Or, just log out completely, then re-get in then "show" before getting into a vdom or global. You should see the entire config with those three sections.

 

Toshi

View solution in original post

4437
11 REPLIES 11
Toshi_Esumi
SuperUser
SuperUser

Created on ‎12-10-2023 09:46 PM

Not sure what are missing in the output of "show system interface" you posted. Those are all I would expect on your 40F regardless which VDOM you're in. "system interface" is under global so the output is the same.

 

Toshi

3973
slouw
Contributor
In response to Toshi_Esumi

Created on ‎12-10-2023 09:58 PM

To clarify this is my question:

Why can I not see the interface config in the show or show full-configuration CLI outputs?

3967
0 Kudos
Toshi_Esumi
SuperUser
SuperUser
In response to slouw

Created on ‎12-10-2023 10:05 PM

I still don't understand what you mean. If you go to "config system interface" then "show" or "show full" shows the all interfaces' config.

3962
Toshi_Esumi
SuperUser
SuperUser
In response to Toshi_Esumi

Created on ‎12-10-2023 10:20 PM

Or, do you happen to be talking about those lan1-4, which are the members of the default "lan" hard-switch interface?

3959
hbac
Staff
Staff

Created on ‎12-11-2023 07:05 AM

Hi @slouw,

 

The system interface configurations are there in your screenshot. What configuration are you looking for?

 

Regards, 

3933
slouw
Contributor
In response to hbac

Created on ‎12-11-2023 03:01 PM

Yes @hbac thank you the config is there is the screenshot.

show system interface <------ Config is there

show full-configuration <------- Config is NOT IN HERE

show  <------------------------------ Config is NOT IN HERE

 

Would you expect the interface config to be present in the show full-configuration? (Or the show output?)

3919
0 Kudos
Toshi_Esumi
SuperUser
SuperUser
In response to slouw

Created on ‎12-11-2023 03:10 PM Edited on ‎12-11-2023 03:16 PM

As I said above, you have to get down to the "config system interface" config mode first to execute show or show full. It's same as "config vpn ipsec phase1-interface". You have to get down to the the config mode in the CLI command tree.
Otherwise, "show" shows the entire VDOM config.

Oh, I see what you mean. Since "config system interface" is under global, if you do "show" without getting into the config mode (which is inside of "global" not inside of a vdom), you wouldn't see the interface config at all. It shows just vdom config.

Is that what you meant? If you get in "config global", instead of "config vdom"->"edit FG-traffic", when you run "show" you can see the entire "global" config including the interface config.

 

<edit>In other words, the entire config consists of three sections:
1. global
2. vdom "root"

3. vdom "FG-traffic"

And the interface config is in the section 1. You have to be in there to see the content when you run "show" or "show full".
You can easily understand that when you back up the entire config into a file and exiamine it in a text editor to see those three sections. </edit>

 

Toshi

3916
slouw
Contributor
In response to Toshi_Esumi

Created on ‎12-11-2023 03:36 PM

All commands are executed from my production VDOM as shown:

FG40-Lab-6954S (FG-traffic) # show     <--- No interface config
FG40-Lab-6954S (FG-traffic) # show full-configuration  <--- No interface config
FG40-Lab-6954S (FG-traffic) # show system interface  <--- Interface config visible

3909
0 Kudos
Toshi_Esumi
SuperUser
SuperUser
In response to slouw

Created on ‎12-11-2023 03:42 PM

Again, because you are in vdom "FG-traffic" config mode. Just "end" to get out of vdom config mode, then get in "config global". Then show would show the interface config.
Or, just log out completely, then re-get in then "show" before getting into a vdom or global. You should see the entire config with those three sections.

 

Toshi

4438
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.