You can view Tunnel Inspection logs themselves
or view tunnel inspection information in other types of logs.
Non-Encrypted IPSec, and GTP-U Protocols
there is a TCI traffic rule match, GRE, IPSec, and GTP-U protocols
are logged in the Tunnel Inspection log with the Tunnel log type,
the matched protocol, and the configured Monitor name and Monitor
When there is no TCI rule match, all protocols are logged
under Traffic logs.
there is a TCI traffic rule match, VXLAN protocol is logged in the
Tunnel Inspection log with the Tunnel (VXLAN) log type, the configured
Monitor name, and the Tunnel ID (VNI).
In the Traffic log
for the inner session, the Tunnel Inspected flag indicates a VNI session.
The Parent Session is the session that was active when the inner session
was created so the ID might not match the current Session ID.
When there is no TCI rule match, VNI sessions are logged
in Traffic logs with the UDP protocol, source port 0, and destination
port 4789 (the default).
View Tunnel inspection logs.
view the log data to identify the tunnel
in your traffic and any concerns, such as high counts for packets
failing Strict Checking of headers.
Click the Detailed Log View (
) to see details
about a log.
View other logs for tunnel inspection information.
For a log entry, click the Detailed Log View (
In the Flags window, see if the
flag is checked. A Tunnel Inspected flag indicates
the firewall used a Tunnel Inspection policy rule to inspect the
inside content or inner tunnel. Parent Session information refers
to an outer tunnel (relative to an inner tunnel) or an inner tunnel
(relative to inside content).
logs, only direct parent information appears
in the Detailed Log View of the inner session log, no tunnel log
information. If you configured two levels of tunnel inspection,
you can select the parent session of this direct parent to view
the second parent log. (You must monitor the
as shown in the prior step to view tunnel log information.)
If you are viewing the log for an inside session that
is Tunnel Inspected, click the
View Parent Session
in the General section to see the outside session information.