Disable Tunnel Acceleration
Table of Contents
11.0 (EoL)
Expand all | Collapse all
End-of-Life (EoL)
Disable Tunnel Acceleration
Disable tunnel acceleration for GRE, VXLAN, and GTP-U
tunnels to troubleshoot.
By default, supported firewalls perform tunnel
acceleration to improve performance and throughput for traffic going
through GRE tunnels, VXLAN tunnels, and GTP-U tunnels. Tunnel acceleration
provides hardware offloading to reduce the time it takes to perform
flow lookups and allows the tunnel traffic to be distributed more
efficiently based on the inner traffic.
Tunnel acceleration
for GTP-U tunnels is supported by default on PA-7000 Series firewalls
with PA-7000-100G-NPC-A and PA-7050-SMC-B or PA-7080-SMC-B. GTP
must be enabled for GTP-U tunnel acceleration to occur. GTP-U tunnel
acceleration is very useful for narrowband IoT (NB-IoT) traffic.
If you configure a Tunnel Content Inspection policy rule for a firewall
to inspect GTP-U packets in a tunnel, you should disable tunnel
acceleration.
You can disable tunnel acceleration to troubleshoot.
If you disable tunnel acceleration on the PA-7000 Series firewall,
you are disabling it for GRE, VXLAN, and GTP-U tunnels simultaneously.
- Select DeviceSetupManagement and edit General Settings.Deselect Tunnel Acceleration to disable it.Click OK.Commit.Reboot the firewall.(Optional) Verify status of tunnel acceleration.
- Access the CLI.> show tunnel-accelerationSystem output is Enabled or Disabled. Additional status and reason for GTP-U only:
- Disabled—GTP-U tunnel acceleration is not supported on firewall model or GTP Security is disabled.
- Error (TCI with GTP-U configured unexpectedly)—TCI with GTP-U protocol is configured when Tunnel Accelection is enabled.
- Enabled—Tunnel Acceleration is enabled; GTP-U Tunnel Acceleration is not running yet. GTP Security is enabled, but yet to reboot.
- Installed—GTP-U Tunnel Acceleration is running.