tunnel-inspection
Syntax
tunnel-inspection {
    inspection-profile name {
        ( geneve name { policy-set policy-set vni } | vxlan name { policy-set policy-set vni } );
    }
    traceoptions {
        file <filename> <files files> <match match> <size size> <(world-readable | no-world-readable)>;
        flag name;
        no-remote-trace;
    }
    vni name {
        ( vni-id [ vni-id ... ] | vni-range name { to range-high } );
    }
}
Hierarchy Level
[edit security]
Description
Configure security inspection on the VXLAN tunnels. Configure an outer policy for the outer header and an inner policy for the inner header.
Configure a tunnel inspection profile to connect the outer policy and the inner policy. The tunnel inspection profile is attached to the outer policy and it points to a group of inner policies (policy set). When the packet matches the outer policy, the SRX device de-encapsulates the packet to get the inner header. The second policy lookup uses the inner packet content and the attached tunnel-inspection profile of the outer policy to get the desired inner policy. vSRX 3.0 uses this policy to apply security services to the inner packet.
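The following set commands are an added example, not part of the original reference page, showing how the outer policy, the tunnel inspection profile, the VNI objects and the inner policy set reference each other. All object names, zone names and VNI values are placeholders; the statements under `security policies` (`policy-set`, `then permit tunnel-inspection`, the `junos-vxlan` application) are not described on this page and should be checked against CLI Explorer for your release.

```junos
# VNI objects (placeholder names and values): one single ID, one range
set security tunnel-inspection vni VNI-SINGLE vni-id 155
set security tunnel-inspection vni VNI-RANGE vni-range 160 to 200

# Inspection profile: VXLAN traffic carrying these VNIs is evaluated
# against the inner policy set PSET-INNER
set security tunnel-inspection inspection-profile INS-PF1 vxlan VX1 policy-set PSET-INNER
set security tunnel-inspection inspection-profile INS-PF1 vxlan VX1 vni VNI-SINGLE
set security tunnel-inspection inspection-profile INS-PF1 vxlan VX1 vni VNI-RANGE

# Outer policy: matches the outer (VXLAN) header and attaches the profile
set security policies from-zone trust to-zone untrust policy OUTER-P1 match source-address any
set security policies from-zone trust to-zone untrust policy OUTER-P1 match destination-address any
set security policies from-zone trust to-zone untrust policy OUTER-P1 match application junos-vxlan
set security policies from-zone trust to-zone untrust policy OUTER-P1 then permit tunnel-inspection INS-PF1

# Inner policy set: evaluated against the de-encapsulated inner packet
set security policies policy-set PSET-INNER policy INNER-ALLOW-HTTPS match source-address any
set security policies policy-set PSET-INNER policy INNER-ALLOW-HTTPS match destination-address any
set security policies policy-set PSET-INNER policy INNER-ALLOW-HTTPS match application junos-https
set security policies policy-set PSET-INNER policy INNER-ALLOW-HTTPS then permit

# Explicit, logged deny for all other inner traffic
set security policies policy-set PSET-INNER policy INNER-DENY-REST match source-address any
set security policies policy-set PSET-INNER policy INNER-DENY-REST match destination-address any
set security policies policy-set PSET-INNER policy INNER-DENY-REST match application any
set security policies policy-set PSET-INNER policy INNER-DENY-REST then deny
set security policies policy-set PSET-INNER policy INNER-DENY-REST then log session-init
```

Keeping the outer policy narrow (specific tunnel endpoints instead of `any`) limits which encapsulated flows reach the inner lookup at all.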
Options
inspection-profile | Configure a
vni | Configure the VXLAN network identifier (VNI) for tunnel inspection.
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
security
Release Information
Statement introduced in Junos OS Release 20.4R1.