tunnel-inspection
Syntax
tunnel-inspection {
    inspection-profile profile-name {
        vxlan vxlan-tunnel-name {
            policy-set policy-set;
            vni vni-name;
        }
    }
    traceoptions (Security) {
        file <filename> <files files> <match match> <size size> <(world-readable | no-world-readable)>;
        flag <name>;
        no-remote-trace;
    }
    vni vni-name {
        (vni-id [ vni-id-value ... ] | vni-range range-low { to range-high });
    }
}
Hierarchy Level
[edit security]
Description
Configure security inspection for EVPN-VXLAN tunnel traffic. Configure an outer policy for the outer header and an inner policy for the inner header.
When a packet matches a security policy, the firewall decapsulates the packet to get the inner header. The tunnel inspection profile is applied to the permitted traffic. With the inner packet content and the applied tunnel inspection profile, the device performs a policy lookup and then performs stateful inspection of the inner session traffic.
Options
- inspection-profile profile-name—Configure a tunnel inspection profile to connect the outer policy and inner policy.
- trace-option—Configure trace options for Network Security tunnel inspection.
- vni vni-name—Define the VXLAN network identifier (VNI), which uniquely identifies the VXLAN.
- no-remote-trace—Disable remote tracing.
The remaining statements are explained separately. Search for a statement in CLI Explorer for details.
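An added example, not part of the original reference page, showing how the statements above fit together with an outer policy and an inner policy set. All names (zones dc-a and dc-b, profile ins-pf1, tunnel vx1, VNI lists, policy names) and the VNI values are constructed, and the policy statements live under [edit security policies], outside this statement's hierarchy.

```junos
# --- VNI lists: one by explicit ID, one by range (constructed values) ---
set security tunnel-inspection vni vni-web vni-id 155
set security tunnel-inspection vni vni-apps vni-range 300 to 399

# --- Inspection profile: binds the VNI lists to the inner policy set ---
set security tunnel-inspection inspection-profile ins-pf1 vxlan vx1 policy-set pset-inner
set security tunnel-inspection inspection-profile ins-pf1 vxlan vx1 vni vni-web
set security tunnel-inspection inspection-profile ins-pf1 vxlan vx1 vni vni-apps

# --- Outer policy: matches the VXLAN outer header between the two zones
#     and hands permitted traffic to the inspection profile ---
set security policies from-zone dc-a to-zone dc-b policy outer-vxlan match source-address any
set security policies from-zone dc-a to-zone dc-b policy outer-vxlan match destination-address any
set security policies from-zone dc-a to-zone dc-b policy outer-vxlan match application junos-vxlan
set security policies from-zone dc-a to-zone dc-b policy outer-vxlan then permit tunnel-inspection ins-pf1

# --- Inner policy set: evaluated against the decapsulated inner header ---
# Permit only HTTPS between tenants inside the tunnel.
set security policies policy-set pset-inner policy inner-https match source-address any
set security policies policy-set pset-inner policy inner-https match destination-address any
set security policies policy-set pset-inner policy inner-https match application junos-https
set security policies policy-set pset-inner policy inner-https then permit

# Explicitly deny and log every other inner session.
set security policies policy-set pset-inner policy inner-deny match source-address any
set security policies policy-set pset-inner policy inner-deny match destination-address any
set security policies policy-set pset-inner policy inner-deny match application any
set security policies policy-set pset-inner policy inner-deny then deny
set security policies policy-set pset-inner policy inner-deny then log session-init
```

Inner traffic on a VNI that is not listed in the profile is not matched against pset-inner, so keep the VNI lists aligned with the VNIs actually carried across the firewall.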
Required Privilege Level
Security—To view this statement in the configuration.
Security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 20.1R1.