tunnel-inspection
Syntax
tunnel-inspection {
inspection-profile profile-name {
vxlan vxlan-name {
policy-set pset-name;
vni vni-name;
}
}
traceoptions {
file <filename> <files files> <match match> <size size> <(world-readable | no-world-readable)>;
flag name;
no-remote-trace;
}
vni vni-name {
vni-id vni-id;
vni-range <vni-range-low to vni-range-high>;
}
}Hierarchy Level
[edit security]
Description
Configure security inspection for EVPN- VXLAN tunnel traffic. Configure an outer policy for the outer header and an inner policy for the inner header.
When packet matches security policy, the security device decapsulates the packet to get the inner header. The tunnel inspection profile is applied for the permitted traffic. With inner packet content and the applied tunnel inspection profile, the device performs a policy lookup and performs the stateful inspection for the inner session traffic.
Options
| inspection-profile profile-name | Configure a tunnel inspection profile to connect the outer policy and inner policy. |
| vxlan vxlan-name | VXLAN tunnel identifier. |
| policy-set pset-name | Policy that applies for the inner session created by VXLAN inner header. |
| trace-option | Configure traceoption for tunnel inspection. |
| vni vni-name | VXLAN network identifier (VNI). |
| vni-id vni-id | VXLAN network identifier (VNI) used to uniquely identify the VXLAN. |
| vni-range vni-range | VLAN ID range. |
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 20.1R1.