For tunnel content inspection, override log settings
for Security policy rules to log cleartext tunnel sessions at session
start, session end, or both.
To easily view tunnel inspection logs for
cleartext tunnels and to separate tunnel inspection logs from traffic
logs, you can now configure tunnel content inspection logging and
log forwarding. You can configure tunnel content inspection to log
tunnel sessions at the start of a session, the end of a session,
or both. These log settings override the Security policy rule settings
that would otherwise control the tunnel inspection logs. You can
also override log forwarding settings in Security policy rules that
control traffic logs by configuring tunnel inspection log settings
to store tunnel logs separately from traffic logs. The tunnel inspection
logs store the outer tunnel (GRE, non-encrypted IPSec, or GTP-U)
sessions and the traffic logs store the inner traffic flows. This
allows you to easily report on tunnel activity (as opposed to inner
content activity) using the ACC and reporting features.
can create a Log Forwarding profile to specify where to send tunnel
inspection logs. A Log Forwarding profile for tunnel inspection
is separate from a Log Forwarding profile specified in a Security
policy rule, which applies to traffic logs.
When you view
a detailed tunnel inspection log, the log now includes the name
of the Tunnel Inspection policy rule that applied to the session
captured in the log, which makes it easier to track information
about non-encrypted tunnel traffic.
Specify logging of sessions that match a tunnel
inspection policy rule and configure log forwarding.
a Tunnel Inspection policy rule.
Override Security Rule Log Setting
Log at Session Start
at Session End
to determine where the firewall forwards tunnel logs for sessions
that match the Tunnel Inspection policy rule.
View tunnel inspection logs.
Click Detailed Log View (
) to see details
about a tunnel inspection log.