Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

tunnel-inspection

Syntax

Hierarchy Level

Description

Configure security inspection for EVPN-VXLAN tunnel traffic. Configure an outer policy for the outer header and an inner policy for the inner header.

When a packet matches a security policy, the firewall decapsulates the packet to get the inner header. The tunnel inspection profile is applied to the permitted traffic. With the inner packet content and the applied tunnel inspection profile, the device performs a policy lookup and then performs stateful inspection of the inner session traffic.

Options

  • inspection-profile profile-name—Configure a tunnel inspection profile to connect the outer policy and inner policy.

  • trace-option—Trace options for Network Security tunnel-inspection. Configure trace option for tunnel inspection.

  • vni vni-name—Define VXLAN network identifier (VNI). VXLAN network identifier (VNI) used to uniquely identify the VXLAN.

  • no-remote-trace—Disable remote tracing

The remaining statements are explained separately. Search for a statement in CLI Explorer or click a linked statement in the Syntax section for details.

Required Privilege Level

Security—To view this statement in the configuration.

Security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 20.1R1.