All things Palo Alto Networks
Is it possible to do inspection on IPSec P2P tunnels on a Palo Alto firewall?
If the tunnel is terminated on the firewall, every aspect of the tunnel (transport + packets traversing the tunnel) is inspected.
If the tunnel is traversing the firewall, it can only be inspected (via a tunnel inspection policy) if the protocol is GRE, VXLAN or unencrypted (AH) IPSec.
Regular IPSec tunnels traversing the firewall will still be 'inspected' for vulnerabilities via threat prevention.