No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


FAQ- The requirement of interested flow acl when usg configures ipsec

Publication Date:  2012-09-13 Views:  677 Downloads:  0

Issue Description

The configuration of interested flow acl is necessary when configure ipsec on usg, the requirement of configuration as bellow:
1、 suggest acl regulation configured on two-ends is the mirror for each other. Configure to mirror is not necessary, configure to mirror is more simple and not easier to make mistakes in practices application.
2、 Commonly, there is no problem exist if the boundary of acl regulation configured on initiator is smaller than responder’s. for IKEv2, acl regulation from both sides takes intersection.

Alarm Information


Handling Process


Root Cause

Interface G0/0/0 is management interface, not service interface, other functions of G0/0/0 are:
1、 implement out-of-band management connected with third-party management server.
2、 Act as heartbeat interface when topology for two-node cluster hot backup.