Inspecting IPSec Tunnels ...
Hi all,
Is it possible to do inspection on IPSec P2P tunnels on a Palo Alto firewall ?
Thanks
-Alex
35 Views
top of page
bottom of page
Hi all,
Is it possible to do inspection on IPSec P2P tunnels on a Palo Alto firewall ?
Thanks
-Alex
if the tunnel is terminated on the firewall, every qspect of the tunnel (transport + packets traversing the tunnel) is inspected
if the tunnel is traversing the firewall, it can only be inspected (via a tunnel inspection policy) if the protocol is GRE, VXLAN or unencrypted (AH) IPSec
regular IPSec tunnels traversing the firewall will still be 'inspected' for vulnerabilities via threat prevention