General Packet Radio Service (GPRS) Tunneling Protocol for
User Data (GTP-U)
Virtual Extensible Local Area Network (VXLAN) (RFC 7348)
Tunnel content inspection is for cleartext tunnels, not
for VPN or LSVPN tunnels, which carry encrypted traffic.
You can use tunnel content inspection to enforce Security, DoS
Protection, and QoS policies on traffic in these types of tunnels
and traffic nested within another cleartext tunnel (for example,
a Null Encrypted IPSec tunnel inside a GRE tunnel). You can view
tunnel inspection logs and tunnel activity in the ACC to verify
that tunneled traffic complies with your corporate security and
All firewall models support tunnel content inspection for GRE,
non-encrypted IPSec, and VXLAN protocols. Only firewalls that support GTP security support
GTP-U tunnel content inspection—see the PAN-OS Releases by Model
that Support GTP and SCTP Security in the Compatibility Matrix.
By default, supported firewalls perform tunnel acceleration to
improve performance and throughput for traffic going through GRE
tunnels, VXLAN tunnels, and GTP-U tunnels. Tunnel acceleration provides
hardware offloading to reduce the time it takes to perform flow
lookups and allows the tunnel traffic to be distributed more efficiently
based on the inner traffic. However, you can Disable Tunnel Acceleration to troubleshoot.