Focus

Mobile Network Infrastructure Getting Started

Disable Tunnel Acceleration

Table of Contents

Disable Tunnel Acceleration

Disable tunnel acceleration for GRE, VXLAN, and GTP-U tunnels to troubleshoot.

By default, supported firewalls perform tunnel acceleration to improve performance and throughput for traffic going through GRE tunnels, VXLAN tunnels, and GTP-U tunnels. Tunnel acceleration provides hardware offloading to reduce the time it takes to perform flow lookups and allows the tunnel traffic to be distributed more efficiently based on the inner traffic.

Tunnel acceleration for GTP-U tunnels is supported by default on PA-7000 Series firewalls with PA-7000-100G-NPC-A and PA-7050-SMC-B or PA-7080-SMC-B. GTP must be enabled for GTP-U tunnel acceleration to occur. GTP-U tunnel acceleration is very useful for narrowband IoT (NB-IoT) traffic. If you configure a Tunnel Content Inspection policy rule for a firewall to inspect GTP-U packets in a tunnel, you should disable tunnel acceleration.

You can disable tunnel acceleration to troubleshoot. If you disable tunnel acceleration on the PA-7000 Series firewall, you are disabling it for GRE, VXLAN, and GTP-U tunnels simultaneously.

Select DeviceSetupManagement and edit General Settings.
Deselect Tunnel Acceleration to disable it.
Click OK.
Commit.
Reboot the firewall.
(Optional) Verify status of tunnel acceleration.
1. Access the CLI.
2. > show tunnel-acceleration
  System output is Enabled or Disabled. Additional status and reason for GTP-U only:
  - Disabled—GTP-U tunnel acceleration is not supported on firewall model or GTP Security is disabled.
  - Error (TCI with GTP-U configured unexpectedly)—TCI with GTP-U protocol is configured when Tunnel Accelection is enabled.
  - Enabled—Tunnel Acceleration is enabled; GTP-U Tunnel Acceleration is not running yet. GTP Security is enabled, but yet to reboot.
  - Installed—GTP-U Tunnel Acceleration is running.

Get a Packet Capture of a GTP Event

5G-Ready K2 Next-Generation Firewalls