Monitoring: Should IPsec Be There if Not Set Up? [ANSWERED]

beremonavabi · Dec 18, 2018, 3:35 AM

In 2.4.4_1, if I go to Status > Monitoring and click the wrench icon to look at either the Traffic or Packets categories, the top choice to graph is IPsec (followed by LAN and WAN -- the only two interfaces I've got running). But, IPsec is not set up on my SG-4860 (never has been). The graphs are correctly showing 0 traffic going through IPsec and nothing shows up in Status > System Logs > IPsec or Status > IPsec. So, it's not any kind of functional problem. I'm just wondering if that choice should be there.

jimp · Dec 17, 2018, 4:05 PM

It's there because the interface is always there, and there isn't a good way to track that it was never enabled. If it's disabled now, there could still be some historical data there that someone might want to see if IPsec was recently or temporarily disabled.