View Tunnel Information in Logs

You can view Tunnel Inspection logs themselves or view tunnel inspection information in other types of logs.
  • View Tunnel inspection logs.
    1. Select
      Monitor
      Logs
      Tunnel Inspection
      and view the log data, noting the tunnel
      Applications
      used in your traffic and any high counts for packets failing Strict Checking of headers, for example.
    2. Click the Detailed Log View icon detail_log_view_icon.png to see details about a log.
  • View other logs for tunnel inspection information.
    1. Select
      Monitor
      Logs
      .
    2. Select
      Traffic
      ,
      Threat
      ,
      URL Filtering
      ,
      WildFire Submissions
      ,
      Data Filtering
      , or
      Unified
      .
    3. For a log entry, click the Detailed Log View icon detail_log_view_icon.png .
    4. In the Flags window, see if the
      Tunnel Inspected
      flag is checked. A Tunnel Inspected flag indicates the firewall used a Tunnel Inspection policy rule to inspect the inside content or inner tunnel. Parent Session information refers to an outer tunnel (relative to an inner tunnel) or an inner tunnel (relative to inside content).
      On the
      Traffic
      ,
      Threat
      ,
      URL Filtering
      ,
      WildFire Submissions
      ,
      Data Filtering
      logs, only direct parent information appears in the Detailed Log View of the inner session log, no tunnel log information. If you configured two levels of tunnel inspection, you can select the parent session of this direct parent to view the second parent log. (You must monitor the
      Tunnel Inspection
      log as shown in the prior step to view tunnel log information.)
    5. If you are viewing the log for an inside session that is tunnel inspected, click the
      View Parent Session
      link in the General section to see the outside session information.

Related Documentation