Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?




Hierarchy Level


Configure security inspection for EVPN- VXLAN tunnel traffic. Configure an outer policy for the outer header and an inner policy for the inner header.

When packet matches security policy, the security device decapsulates the packet to get the inner header. The tunnel inspection profile is applied for the permitted traffic. With inner packet content and the applied tunnel inspection profile, the device performs a policy lookup and performs the stateful inspection for the inner session traffic.


inspection-profile profile-name Configure a tunnel inspection profile to connect the outer policy and inner policy.
vxlan vxlan-name VXLAN tunnel identifier.
policy-set pset-name Policy that applies for the inner session created by VXLAN inner header.
trace-option Configure traceoption for tunnel inspection.
vni vni-name VXLAN network identifier (VNI).
vni-id vni-id VXLAN network identifier (VNI) used to uniquely identify the VXLAN.
vni-range vni-range VLAN ID range.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 20.1R1.