No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


eSight V300R009C00 Operation Guide 10

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).


This section describes precautions on using the IPSec VPN service management function so that eSight can be used properly.

License Support

A maximum of 2500 devices are supported.

Component Dependency

The IPSec VPN service management depends on the IPSec VPN management component.

Protocol Support

SNMP, Telnet, and NetConf are required.

Device Support

  • Service discovery supports physical firewalls and software firewalls (see the specification list for the software versions) and does not support the service discovery for a virtual system (including the virtual system of a physical firewall or software firewall).
  • Service deployment supports firewall V500R001C30 and later versions. Software firewalls and other device types are not supported.

Version Support

For detail, see the Specification List.

Application Scenario

Service configuration and service discovery.

Feature Limitation and Dependency

  • Service discovery
    • In the networking diagram of Site-to-Site VPN, IPSec service discovery does not support smart-link selection mode.
    • IPSec service discovery supports a maximum of 200 devices at a time. Service discovery for larger number of devices requires longer time.
    • Multiple IPSec service discovery processes cannot be performed concurrently.
    • Only the AR-series devices support the service discovery of the IPSec Profile.
    • After service discovery is performed on AR-series devices, the service status stays at inactive and cannot be updated.
  • Management scale
    • There can be a maximum of 20,000 IPSec tunnels. If the number of IPSec tunnels exceeds the capacity, performance and stability issues may occur in the IPSec service.
    • A maximum of 20000 service groups can be manually created by a user.
Updated: 2019-09-07

Document ID: EDOC1100011877

Views: 315946

Downloads: 639

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next