https://live.paloaltonetworks.com/t5/globalprotect-discussions/does-pbf-rule-works-for-traffic-originating-from-global-protect/m-p/440566#M1875 <P>Hi All,</P><P>&nbsp;</P><P>We have two Global Protect portals/Gateways configured on each firewall ISP 1(Eth 1/1) and ISP 2(Eth 1/2) interfaces.</P><P>&nbsp;</P><P>We had enabled ECMP on the firewall with max path 2 and configured ISP 1 and ISP 2 as default routes.</P><P>&nbsp;</P><P>When an user is connected to GP configured on ISP 2 interface and trying to access internet the traffic from GP client is routed through ISP 1 interface.</P><P>&nbsp;</P><P>As ECMP is configured this is an expected behaviour.&nbsp;</P><P>&nbsp;</P><P>Can we use an PBF rule to route the traffic originating from end user GP Client to go through an particular interface.</P><P>&nbsp;</P><P>In the below article it is mentioned that Global protect traffic cannot be routed using PBF policy. Is it also applicable for the traffic originating from GP client end user system.</P><P>&nbsp;</P><P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClbDCAS#:~:text=PBF%20does%20not%20function%20for%20GlobalProtect%20connection" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClbDCAS#:~:text=PBF%20does%20not%20function%20for%20GlobalProtect%20connection</A></P><P>&nbsp;</P><P>Thanks in advance.</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 13 Oct 2021 15:10:26 GMT tamilvanan 2021-10-13T15:10:26Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/does-pbf-rule-works-for-traffic-originating-from-global-protect/m-p/440566#M1875 <P>Hi All,</P><P>&nbsp;</P><P>We have two Global Protect portals/Gateways configured on each firewall ISP 1(Eth 1/1) and ISP 2(Eth 1/2) interfaces.</P><P>&nbsp;</P><P>We had enabled ECMP on the firewall with max path 2 and configured ISP 1 and ISP 2 as default routes.</P><P>&nbsp;</P><P>When an user is connected to GP configured on ISP 2 interface and trying to access internet the traffic from GP client is routed through ISP 1 interface.</P><P>&nbsp;</P><P>As ECMP is configured this is an expected behaviour.&nbsp;</P><P>&nbsp;</P><P>Can we use an PBF rule to route the traffic originating from end user GP Client to go through an particular interface.</P><P>&nbsp;</P><P>In the below article it is mentioned that Global protect traffic cannot be routed using PBF policy. Is it also applicable for the traffic originating from GP client end user system.</P><P>&nbsp;</P><P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClbDCAS#:~:text=PBF%20does%20not%20function%20for%20GlobalProtect%20connection" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClbDCAS#:~:text=PBF%20does%20not%20function%20for%20GlobalProtect%20connection</A></P><P>&nbsp;</P><P>Thanks in advance.</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 13 Oct 2021 15:10:26 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/does-pbf-rule-works-for-traffic-originating-from-global-protect/m-p/440566#M1875 tamilvanan 2021-10-13T15:10:26Z https://live.paloaltonetworks.com/t5/globalprotect-discussions/does-pbf-rule-works-for-traffic-originating-from-global-protect/m-p/441353#M1884 <P>Play arround. You can use the option to add the VPN traffic to a specific zone for more easilly manage it with PBF:</P><P>&nbsp;</P><P><A href="https://docs.paloaltonetworks.com/globalprotect/9-0/globalprotect-admin/get-started/create-interfaces-and-zones-for-globalprotect.html" target="_blank">https://docs.paloaltonetworks.com/globalprotect/9-0/globalprotect-admin/get-started/create-interfaces-and-zones-for-globalprotect.html</A></P> Sun, 17 Oct 2021 11:59:43 GMT https://live.paloaltonetworks.com/t5/globalprotect-discussions/does-pbf-rule-works-for-traffic-originating-from-global-protect/m-p/441353#M1884 nikoolayy1 2021-10-17T11:59:43Z