The firewall transparent inside-vlan inspect enable command enables the detection of inner VLAN tags of QinQ packets in transparent Layer-2 transmission.
The undo firewall transparent inside-vlan inspect enable command disables the detection of inner VLAN tags of QinQ packets in transparent Layer-2 transmission.
firewall transparent inside-vlan inspect enable
undo firewall transparent inside-vlan inspect enable
By default, the detection of inner VLAN tags of QinQ packets is disabled in transparent Layer-2 transmission.
QinQ packets have inner VLAN tags and outer VLAN tags. By default, the FW parses only the outer VLAN tags. You can specify a VLAN ID in a security policy to filter traffic based on outer VLAN tags.
If you need to filter traffic based on inner VLAN tags, you can enable the detection of inner VLAN tags and specify the inner VLAN IDs in security policies.
For single-tagged packets, regardless of whether inner VLAN tag detection is enabled, the FW parses the VLAN tags. If a VLAN ID matching condition is configured in a security policy, the FW compares the parsed VLAN IDs with the VLAN IDs in the security policy. If they match, the packets are processed based on the action configured in the security policy. If they do not match, the FW continues to match the parsed VLAN IDs against the next security policy.
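The following Python model is an added example, not Huawei code: it parses the VLAN tags of constructed Ethernet frames and shows which VLAN ID reaches the security-policy comparison with inner tag detection disabled and enabled. It assumes that, when detection is enabled, the inner ID is the one compared for double-tagged frames, and that the outer tag uses TPID 0x88A8 or 0x8100; the function names, sample frames and rule list are hypothetical.

```python
import struct

TPID_8021Q = 0x8100   # customer tag, also used as outer TPID on some devices
TPID_8021AD = 0x88A8  # service tag, a common QinQ outer TPID (assumption)

def vlan_tags(frame):
    """Return the VLAN IDs found in an Ethernet frame, outer tag first."""
    tags, offset = [], 12  # skip destination and source MAC addresses
    while offset + 4 <= len(frame):
        tpid, tci = struct.unpack_from("!HH", frame, offset)
        if tpid not in (TPID_8021Q, TPID_8021AD):
            break
        tags.append(tci & 0x0FFF)  # low 12 bits of the TCI carry the VLAN ID
        offset += 4
    return tags

def vlan_for_policy(frame, inspect_inner):
    """VLAN ID compared against the policy's VLAN condition (modelled behaviour)."""
    tags = vlan_tags(frame)
    if not tags:
        return None
    if len(tags) == 1:
        return tags[0]  # single-tagged: parsed whether or not detection is on
    # Assumption: with detection enabled, the inner ID is the one compared.
    return tags[1] if inspect_inner else tags[0]

def first_matching_rule(rules, frame, inspect_inner):
    """rules: list of (name, vlan_id, action). First match wins, else None."""
    vid = vlan_for_policy(frame, inspect_inner)
    for name, rule_vid, action in rules:
        if rule_vid == vid:
            return name, action
    return None  # no rule matched; evaluation would fall through

# Constructed sample data (not captured traffic).
MACS = bytes.fromhex("ffffffffffff" "020000000001")
PAYLOAD = struct.pack("!H", 0x0800) + b"\x00" * 46

def tag(tpid, vid):
    return struct.pack("!HH", tpid, vid)

QINQ = MACS + tag(TPID_8021AD, 100) + tag(TPID_8021Q, 20) + PAYLOAD
SINGLE = MACS + tag(TPID_8021Q, 20) + PAYLOAD
RULES = [("permit-vlan100", 100, "permit"), ("deny-vlan20", 20, "deny")]

if __name__ == "__main__":
    for on in (False, True):
        print("inner detection", on, "->", first_matching_rule(RULES, QINQ, on))
```

With detection disabled, the rule written for inner VLAN 20 never sees the QinQ frame, because only outer VLAN 100 is compared; this is the policy gap to check for when rules are meant to filter on customer VLANs.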