Tunnel Content Inspection
The firewall can now inspect the traffic content of cleartext tunnel protocols:
- Generic Routing Encapsulation (GRE) (RFC 2784)
- Non-encrypted IPSec traffic
- General Packet Radio Service (GPRS) Tunneling Protocol for User Data (GTP-U)
You can use tunnel content inspection to enforce Security, DoS Protection, and QoS policies on traffic in these types of tunnels and traffic nested within another cleartext tunnel. You can view inspected tunnel information to verify that tunneled traffic complies with your corporate security and usage policies.
- In enterprise environments, you can inspect traffic tunneled using GRE or non-encrypted IPSec. For security, QoS, and reporting reasons, you want to inspect the traffic inside the tunnel.
- In Service Provider environments, you can use GTP-U to tunnel data traffic from mobile devices. You want to inspect the inner content without terminating the tunnel protocol, and you want to record user data from users.
All firewall models support tunnel content inspection of GRE and non-encrypted IPSec. Only PA-5200 Series and VM-Series firewalls support tunnel content inspection of GTP-U.
The firewall supports tunnel content inspection on Ethernet interfaces and subinterfaces, AE interfaces, VLAN interfaces, and VPN and LSVPN tunnels. Tunnel content inspection is supported in Layer 3, Layer 2, virtual wire, and tap deployments. Tunnel content inspection works on shared gateways and on virtual system-to-virtual system communications.
- Create a Security policy to allow packets through the tunnel that use a specific application, such as GRE.
- Create a Tunnel Inspection policy that specifies the criteria for packets that meet the policy, the tunnel protocols to inspect, the maximum level of encapsulation to inspect, and separate security policies for tunnel zones, if you choose.
- Use the ACC to view inspected tunnel activity.
- View Tunnel Inspection logs and other logs for tunnel inspection information.
- Create a custom report about Tunnel Inspected traffic.
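The following Python example is added here for illustration; it is not Palo Alto Networks code and does not describe the firewall's implementation. It shows what inspecting cleartext GRE without terminating the tunnel involves: walking the outer IPv4 and GRE headers to reach the inner packet, with a limit on encapsulation depth. The function names, the `max_levels` parameter, the sample addresses, and the choice to raise an error when nesting exceeds the limit are all assumptions of this example.

```python
import socket
import struct

GRE_PROTO = 47            # IP protocol number for GRE
ETHERTYPE_IPV4 = 0x0800   # GRE protocol type for an IPv4 payload

def ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet (checksum left at 0) for the constructed samples."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def gre(payload, key=None):
    """Wrap payload in a GRE header (RFC 2784), optionally with an RFC 2890 key."""
    hdr = struct.pack("!HH", 0x2000 if key is not None else 0, ETHERTYPE_IPV4)
    return hdr + (struct.pack("!I", key) if key is not None else b"") + payload

def inspect(packet, max_levels=2):
    """Unwrap IPv4-in-GRE up to max_levels; return (levels, src, dst, proto) of the inner packet."""
    levels = 0
    while True:
        if len(packet) < 20 or packet[0] >> 4 != 4:
            raise ValueError("not an IPv4 header")
        ihl = (packet[0] & 0x0F) * 4
        if ihl < 20 or len(packet) < ihl:
            raise ValueError("bad IPv4 header length")
        proto = packet[9]
        if proto != GRE_PROTO:   # innermost packet reached: this is what policy is applied to
            return (levels, socket.inet_ntoa(packet[12:16]),
                    socket.inet_ntoa(packet[16:20]), proto)
        if levels == max_levels:
            raise ValueError("encapsulation deeper than max_levels")
        g = packet[ihl:]
        if len(g) < 4:
            raise ValueError("truncated GRE header")
        flags, ptype = struct.unpack("!HH", g[:4])
        if flags & 0x4007:       # routing bit or non-zero version: not RFC 2784 GRE
            raise ValueError("unsupported GRE header")
        if ptype != ETHERTYPE_IPV4:
            raise ValueError("GRE payload is not IPv4")
        # Optional 4-byte fields: checksum (C), key (K), sequence number (S)
        off = 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
        packet, levels = g[off:], levels + 1

# Constructed sample packets (documentation address ranges, dummy TCP payload)
INNER = ipv4("10.1.1.5", "10.2.2.9", 6, b"\x00" * 20)
ONE_LEVEL = ipv4("192.0.2.1", "198.51.100.1", GRE_PROTO, gre(INNER))
TWO_LEVEL = ipv4("203.0.113.1", "203.0.113.2", GRE_PROTO, gre(ONE_LEVEL, key=7))
```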