Create a Tunnel Inspection Rule
Create tunnel inspection rules that contain a set of criteria against which a network packet is matched and then inspected.
- Create address lists to use when creating the rule.
The specified source and destination match condition for the traffic consists of lists that you configure in the policy before you construct the rule. You can create a maximum of 500 tunnel inspection rules for each policy.
When the specified source and destination match condition is met, the firewall applies a default Palo Alto Networks® tunnel inspection profile. The profile has the following characteristics, and isn't editable:
- Protocol: VXLAN
- Maximum Tunnel Inspection Levels: One level of encapsulation is inspected
- Return scanned VXLAN tunnel to source: True. Returns the encapsulated packet to the originating VXLAN tunnel endpoint (VTEP).
Use the <<CLI LINK PLACEHOLDER>> command and required parameters to create a tunnel inspection rule:
oci network-firewall tunnel-inspection-rule create --name my_tunnel_inspection_rule --network-firewall-policy-id <network_firewall_policy_OCID> --condition '{"sourceAddress":["<source_address_list_name>"],"destinationAddress":["<destination_address_list_name>"]}' [OPTIONS]
For a complete list of parameters and values for CLI commands, see the CLI Command Reference.
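As an added example (not code from the Oracle documentation), the following Python helper assembles the create command shown above and performs the pre-flight checks this page implies: every address list named in the condition must already exist in the policy, and the policy must not already hold the 500-rule maximum. It assumes the condition is a single JSON object whose sourceAddress and destinationAddress values are arrays of address-list names; the policy OCID and list names are constructed placeholders.

```python
import json

# Constructed sample of address lists already defined in the policy
# (a rule may only reference lists created before the rule itself).
POLICY_ADDRESS_LISTS = {"vtep_sources", "app_subnets", "mgmt_hosts"}
MAX_TUNNEL_RULES_PER_POLICY = 500  # per-policy limit stated on this page


def build_condition(source_lists, destination_lists, known_lists):
    """Return the --condition JSON for a VXLAN tunnel inspection rule.

    Assumed shape: one object whose sourceAddress and destinationAddress
    values are arrays of address-list names present in the policy.
    Raises ValueError when a side is empty or names an undefined list.
    """
    for side, names in (("sourceAddress", source_lists),
                        ("destinationAddress", destination_lists)):
        if not names:
            raise ValueError(f"{side} must reference at least one address list")
        missing = sorted(set(names) - set(known_lists))
        if missing:
            raise ValueError(f"{side} references undefined address lists: {missing}")
    return json.dumps({"sourceAddress": list(source_lists),
                       "destinationAddress": list(destination_lists)},
                      separators=(",", ":"))


def build_create_command(name, policy_ocid, source_lists, destination_lists,
                         known_lists=POLICY_ADDRESS_LISTS, existing_rule_count=0):
    """Hypothetical helper: return the argv for the CLI create call.

    Refuses to build a command that would exceed the per-policy rule cap.
    The command is returned as a list and is not executed here.
    """
    if existing_rule_count >= MAX_TUNNEL_RULES_PER_POLICY:
        raise ValueError("policy already holds the maximum number of tunnel inspection rules")
    condition = build_condition(source_lists, destination_lists, known_lists)
    return ["oci", "network-firewall", "tunnel-inspection-rule", "create",
            "--name", name,
            "--network-firewall-policy-id", policy_ocid,
            "--condition", condition]


if __name__ == "__main__":
    # Placeholder OCID; replace with the real network firewall policy OCID.
    argv = build_create_command("vxlan_inspect_app",
                                "ocid1.networkfirewallpolicy.oc1..EXAMPLE",
                                ["vtep_sources"], ["app_subnets"])
    print(" ".join(argv))
```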
Run the <<API LINK PLACEHOLDER>> operation to create a tunnel inspection rule.