Tunnel Rule Conditions
Rule conditions enable you to fine-tune your tunnel policy to target the networks you want to control. For tunnel rules, you can use the following conditions:
- 
                Interface Objects—The security zones or interface groups that define the device interfaces through which the connections pass. See Interface Rule Conditions. 
- 
                Tunnel Endpoints—The network objects that define the source and destination IP addresses of the tunnel. 
- 
                VLAN Tags—The outermost VLAN tag in the tunnel. See VLAN Tags Rule Conditions. 
- 
                Encapsulation and Ports—The encapsulation protocol of the tunnel. See Encapsulation Rule Conditions. 
- 
                Time Range—The days and times when the rule is active. If you do not specify a time range, the rule is always active. See Time and Day Rule Conditions.