Restrictions on using hot standby together with IPSec on the USG9000 series

Restrictions on using hot standby together with IPSec: 1. When hot standby runs together with IPSec, the upstream and downstream service interfaces of the active and standby devices must be Layer 3 interfaces. 2. When hot standby runs together with IPSec, the hot standby configuration and IPSec configuration are the same as they run alone. 3. The IPSec policy needs to be configured only on the active device. 4. When hot standby is used together with IPSec and the load balancing mode is used, the forward and reverse paths of traffic must be the same. 5. If the local device is the initiator of an IPSec tunnel, the tunnel local ip-address command must be run to set the local address that initiates negotiation to the virtual IP address of the VRRP backup group.

Scroll to top