https://live.paloaltonetworks.com/t5/general-topics/global-protect-with-second-isp-which-not-have-a-default-route-to/m-p/522441#M108231 <P>Well this look little challenging but I am guessing you are trying route GP traffic via second ISP. Did you try with PAT for second ISP?</P> <P>&nbsp;</P> <P>let's say your GP source subnet is 192.168.10.0/24, and Zone is GP</P> <P>&nbsp;</P> <P>Your PAT -</P> <P>Source GP Zone /&nbsp;192.168.10.0/24</P> <P>Destination Outside Zone / Public IP</P> <P>&nbsp;</P> <P>Same for Security Policy rule for accepted outbound traffic&nbsp;</P> <P>&nbsp;</P> Fri, 25 Nov 2022 14:27:30 GMT Bharat_Rajwanshi 2022-11-25T14:27:30Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-with-second-isp-which-not-have-a-default-route-to/m-p/522424#M108227 <P>The issue is due to the static route of 0.0.0.0 is through the First ISP. Tried to add the PBF but still the same behavior even with symmetric return</P> <P>&nbsp;</P> <P>Any advise ? Know the option if another Virtual router , but with one single VR , is there any way ?</P> <P>&nbsp;</P> Fri, 25 Nov 2022 09:30:12 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-with-second-isp-which-not-have-a-default-route-to/m-p/522424#M108227 sambhusarath 2022-11-25T09:30:12Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-with-second-isp-which-not-have-a-default-route-to/m-p/522441#M108231 <P>Well this look little challenging but I am guessing you are trying route GP traffic via second ISP. Did you try with PAT for second ISP?</P> <P>&nbsp;</P> <P>let's say your GP source subnet is 192.168.10.0/24, and Zone is GP</P> <P>&nbsp;</P> <P>Your PAT -</P> <P>Source GP Zone /&nbsp;192.168.10.0/24</P> <P>Destination Outside Zone / Public IP</P> <P>&nbsp;</P> <P>Same for Security Policy rule for accepted outbound traffic&nbsp;</P> <P>&nbsp;</P> Fri, 25 Nov 2022 14:27:30 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-with-second-isp-which-not-have-a-default-route-to/m-p/522441#M108231 Bharat_Rajwanshi 2022-11-25T14:27:30Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-with-second-isp-which-not-have-a-default-route-to/m-p/522474#M108237 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/210927">@sambhusarath</a> ,</P> <P>Can you share your PBF configuration?</P> <P>Following link describe setup similar to what you want to achieve - <A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClF5CAK" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClF5CAK</A></P> <P>As you can see PBF with Enforce Symmetric return should provide you with required result - return the replies from GP via secondary ISP.</P> <P>&nbsp;</P> <P>So I am assuming something is not configured properly with your PBF. Try to follow the setups from the link and if still not working we can try to troubleshoot.</P> Sun, 27 Nov 2022 10:09:13 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-with-second-isp-which-not-have-a-default-route-to/m-p/522474#M108237 aleksandar.astardzhiev 2022-11-27T10:09:13Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-with-second-isp-which-not-have-a-default-route-to/m-p/704213#M122203 <P>Can you reshare this KB ?</P> Tue, 26 Nov 2024 16:23:47 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-with-second-isp-which-not-have-a-default-route-to/m-p/704213#M122203 sambhusarath 2024-11-26T16:23:47Z https://live.paloaltonetworks.com/t5/general-topics/global-protect-with-second-isp-which-not-have-a-default-route-to/m-p/704671#M122213 <P>Hello,</P> <P>If you have two ISP's and just want failover, use PBF for the primary with the policy to shut down if path not detected. Then the default route points to the second ISP.</P> <P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PLL8CAO" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PLL8CAO</A></P> <P>Regards,</P> Tue, 26 Nov 2024 22:51:50 GMT https://live.paloaltonetworks.com/t5/general-topics/global-protect-with-second-isp-which-not-have-a-default-route-to/m-p/704671#M122213 OtakarKlier 2024-11-26T22:51:50Z