Tunnel Acceleration for GRE, VXLAN, and GTP-U Tunnels
Table of Contents
10.0 (EoL)
Expand all | Collapse all
-
- Automatic Content Updates Through Offline Panorama
- Enhanced Authentication for Dedicated Log Collectors and WildFire Appliances
- Syslog Forwarding Using Ethernet Interfaces
- Increased Configuration Size for Panorama
- Access Domain Enhancements for Multi-Tenancy
- Enhanced Performance for Panorama Query and Reporting
- Log Query Debugging
- Configurable Key Limits in Scheduled Reports
- Multiple Plugin Support for Panorama
End-of-Life (EoL)
Tunnel Acceleration for GRE, VXLAN, and GTP-U Tunnels
Disable tunnel acceleration for GRE, VXLAN, or GTP-U
tunnels to troubleshoot and for other reasons.
By default, supported firewalls now perform
tunnel acceleration to improve performance and throughput for traffic
going through generic route encapsulation (GRE) tunnels, virtual
extensible local area network (VXLAN) tunnels, and General Packet
Radio Service Tunnel Protocol for User Data (GTP-U) tunnels. Tunnel
acceleration provides hardware offloading to reduce the time it
takes to perform flow lookups and allows the tunnel traffic to be
distributed more efficiently based on the inner traffic.
- GRE and VXLAN tunnel acceleration—Supported on PA-3200 Series firewalls and PA-7000 Series firewalls with PA-7000-100G-NPC-A and PA-7050-SMC-B or PA-7080-SMC-B.
- GTP-U tunnel acceleration—Supported on only PA-7000 Series firewalls with PA-7000-100G-NPC-A and PA-7050-SMC-B or PA-7080-SMC-B. GTP must be enabled for GTP-U tunnel acceleration to occur. GTP-U tunnel acceleration is very useful for narrowband IoT (NB-IoT) traffic.If you configure a Tunnel Content Inspection policy rule for a firewall to inspect GTP-U packets in a tunnel, you should disable GTP-U tunnel acceleration.
Tunnel
acceleration is enabled by default on the supported firewall models.
You can disable tunnel acceleration to troubleshoot or if you are
using a Tunnel Content Inspection policy rule to inspect GTP-U packets
in a tunnel. Perform the following task to disable tunnel acceleration.
- Select DeviceSetupManagement and edit General Settings.
- Deselect Tunnel Acceleration.
- Click OK.
- Commit.
- Reboot the firewall.
- Verify status of tunnel acceleration.
- Access the CLI.
- > show tunnel-accelerationSystem output is Enabled or Disabled. Additional status and reason for GTP-U only:
- Disabled—GTP-U tunnel acceleration is not supported on firewall model or GTP Security is disabled.
- Error (TCI with GTP-U configured unexpectedly)—TCI with GTP-U protocol is configured when Tunnel Accelection is enabled.
- Enabled—Tunnel Acceleration is enabled; GTP-U Tunnel Acceleration is not running yet. GTP Security is enabled, but yet to reboot.
- Installed—GTP-U Tunnel Acceleration is running.