tunnel-inspection
Syntax
tunnel-inspection {
inspection-profile name {
(
geneve name {policy-set policy-set vni
} |
vxlan name {policy-set policy-set vni
});
}
traceoptions {
file< filename><files files><match match><size size><(world-readable | no-world-readable)>;
flag name;
no-remote-trace;
}
vni name {
(vni-id [ vni-id ... ] |
vni-range name {to range-high
});
}
}Hierarchy Level
[edit security]
Description
Configure security inspection on the VXLAN tunnels. Configure an outer policy for the outer header and an inner policy for the inner header.
Configure a tunnel inspection profile to connect the outer policy and the inner policy. The
tunnel inspection profile is attached to the outer policy and it points to a group of inner
policies (policy set). When the packet matches the outer policy,
the SRX device de-encapsulates the packet to get
the inner header. The second policy lookup uses the inner packet content and the attached
tunnel-inspection profile of the outer policy to get the desired inner
policy. vSRX Virtual Firewall 3.0 uses this policy to apply security services to the inner
packet.
Options
inspection-profile |
Configure a |
vni |
Configure VXLAN network identifier (VNI) for tunnel inspection. |
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
security
Release Information
Statement introduced in Junos OS Release 20.4R1.