FAQ–when configure virtual FW and span virtual FW function, what should pay attention to in ipsec configuration?
Need pay attention to the following points in the configuration:
1. Need to configure virtual firewall routing;
2. Span virtual firewall need create the domain between data flow import interface and export interface;
3. Acl need bind the virtual firewall which in data flow import interface;
4. If need span virtual firewall such as vfw1 set up the tunnel, protect the vfw2 message, then need configure remote - address VPN - instance vfw1 X.X.X.X in ike peer
Sa bind VPN - instance vfw2 zone zonename (zonename is the import zone that message assignment to the smbuf after decapsulation).