tunnel-inspection
Syntax
tunnel-inspection {
    inspection-profile profile-name {
        vxlan vxlan-name {
            policy-set pset-name;
            vni vni-name;
        }
    }
    traceoptions {
        file <filename> <files files> <match match> <size size> <(world-readable | no-world-readable)>;
        flag name;
        no-remote-trace;
    }
    vni vni-name {
        vni-id vni-id;
        vni-range <vni-range-low to vni-range-high>;
    }
}
Hierarchy Level
[edit security]
Description
Configure security inspection on VXLAN tunnels. Configure an outer policy for the outer header and an inner policy for the inner header.
Configure a tunnel inspection profile to connect the outer policy and the inner policy. The tunnel inspection profile is attached to the outer policy and points to a group of inner policies (a policy set). When a packet matches the outer policy, the SRX device decapsulates the packet to get the inner header. Using the inner packet content along with the tunnel inspection profile attached to the outer policy, a second policy lookup finds the desired inner policy and applies the security services to the inner packet.
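The following configuration is an added example, not part of the original page, showing how the VNI objects, the inspection profile, the outer policy and the inner policy set described above fit together. The profile, VXLAN, policy-set, policy, VNI and zone names and the VNI values are constructed for illustration, the zones are assumed to exist already, and the `security policies` statements are not documented on this page and are written from standard Junos policy syntax.

```junos
# VNI objects: one single ID and one range (values constructed)
set security tunnel-inspection vni vni-tenant-a vni-id 155
set security tunnel-inspection vni vni-tenant-b vni-range 300 to 399

# Inspection profile: VXLAN tunnels carrying these VNIs are handed
# to the inner policy set pset1 for the second lookup
set security tunnel-inspection inspection-profile ins-pf1 vxlan vx1 vni vni-tenant-a
set security tunnel-inspection inspection-profile ins-pf1 vxlan vx1 vni vni-tenant-b
set security tunnel-inspection inspection-profile ins-pf1 vxlan vx1 policy-set pset1

# Outer policy: matches the outer (VXLAN) header and attaches the profile
set security policies from-zone dc to-zone cloud-1 policy outer-vxlan match source-address any
set security policies from-zone dc to-zone cloud-1 policy outer-vxlan match destination-address any
set security policies from-zone dc to-zone cloud-1 policy outer-vxlan match application junos-vxlan
set security policies from-zone dc to-zone cloud-1 policy outer-vxlan then permit tunnel-inspection ins-pf1

# Inner policy set: evaluated against the decapsulated inner packet
set security policies policy-set pset1 policy inner-https match source-address any
set security policies policy-set pset1 policy inner-https match destination-address any
set security policies policy-set pset1 policy inner-https match application junos-https
set security policies policy-set pset1 policy inner-https then permit

# Traffic that matches no policy is dropped
set security policies default-policy deny-all
```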
Options
inspection-profile | Configure a tunnel inspection profile to connect the outer policy and inner policy. |
vni | Configure VXLAN Network Identifier for tunnel inspection. |
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
security
Release Information
Statement introduced in Junos OS Release 20.4R1.