https://live.paloaltonetworks.com/t5/general-topics/static-route-with-path-monitor-down-not-removing-bgp-route/m-p/1238235#M125164 <P>Hello,</P> <P>I am having issues with trying to get failover setup between vendor routers. We have vendor provided routers at our hub site and at one of our branch sites. We would like to have the traffic be routed to the branch vendor router in the event the hub vendor router is offline. I have setup a static route on the hub firewall to the hub vendor router with path monitor. I have setup a static route on the branch firewall to the branch vendor router with no path monitor and the administrative distance higher than BGP. I have the vendor network prefix to redistribute in both the hub and branch in the panorama sdwan devices. The issue I am seeing is when the hub vendor router is offline, path monitor shows it down but the hub firewall route is still being used. The branch firewall is still trying to use the route to the hub firewall and not advertising its static route to the hub.&nbsp;&nbsp;There must be something I am missing but not where else to look. I have included a generic diagram.&nbsp;<span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="vendor-router-failover.jpg" style="width: 854px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/69273iA82D4BCAFD1579CD/image-size/large?v=v2&amp;px=999" role="button" title="vendor-router-failover.jpg" alt="vendor-router-failover.jpg" /></span></P> <P>&nbsp;</P> Wed, 17 Sep 2025 16:12:24 GMT Clint_UICCU 2025-09-17T16:12:24Z https://live.paloaltonetworks.com/t5/general-topics/static-route-with-path-monitor-down-not-removing-bgp-route/m-p/1238235#M125164 <P>Hello,</P> <P>I am having issues with trying to get failover setup between vendor routers. We have vendor provided routers at our hub site and at one of our branch sites. We would like to have the traffic be routed to the branch vendor router in the event the hub vendor router is offline. I have setup a static route on the hub firewall to the hub vendor router with path monitor. I have setup a static route on the branch firewall to the branch vendor router with no path monitor and the administrative distance higher than BGP. I have the vendor network prefix to redistribute in both the hub and branch in the panorama sdwan devices. The issue I am seeing is when the hub vendor router is offline, path monitor shows it down but the hub firewall route is still being used. The branch firewall is still trying to use the route to the hub firewall and not advertising its static route to the hub.&nbsp;&nbsp;There must be something I am missing but not where else to look. I have included a generic diagram.&nbsp;<span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="vendor-router-failover.jpg" style="width: 854px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/69273iA82D4BCAFD1579CD/image-size/large?v=v2&amp;px=999" role="button" title="vendor-router-failover.jpg" alt="vendor-router-failover.jpg" /></span></P> <P>&nbsp;</P> Wed, 17 Sep 2025 16:12:24 GMT https://live.paloaltonetworks.com/t5/general-topics/static-route-with-path-monitor-down-not-removing-bgp-route/m-p/1238235#M125164 Clint_UICCU 2025-09-17T16:12:24Z https://live.paloaltonetworks.com/t5/general-topics/static-route-with-path-monitor-down-not-removing-bgp-route/m-p/1239849#M125322 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/209312">@Clint_UICCU</a>&nbsp;,</P> <P>&nbsp;</P> <P>&nbsp;</P> <P><SPAN>Are you still experiencing this issue? </SPAN></P> <P>&nbsp;</P> <P>&nbsp;</P> <P><SPAN>On the hub: </SPAN></P> <P>&nbsp;</P> <P><SPAN>Confirm the path monitor on the static route to the hub vendor router is actually causing the route to be removed from the hub's routing table when the vendor router is down. If not, the path monitor itself is not functioning as expected and I would recommend going over that config.&nbsp;When path monitoring fails, the static route should be removed from the routing table. Check the RIB and the FIB to ensure its not in play anymore.&nbsp;</SPAN></P> <P>&nbsp;</P> <P><SPAN>Verify that if the static route is being removed, the hub's BGP redistribution is correctly withdrawing that route from its BGP advertisements.</SPAN></P> <P>&nbsp;</P> <P><SPAN>On the branch:</SPAN></P> <P>&nbsp;</P> <P><SPAN>Ensure the static route to the branch vendor router is correctly redistributed into BGP. Next, verify that the BGP export policy on the branch firewall permits the advertisement of this static route to the hub as well as make sure your higher AD is committed successfully.&nbsp;</SPAN></P> <P>&nbsp;</P> <P><SPAN>This should point you towards the right direction in figuring out where exactly this process is failing. </SPAN></P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 10 Oct 2025 11:51:18 GMT https://live.paloaltonetworks.com/t5/general-topics/static-route-with-path-monitor-down-not-removing-bgp-route/m-p/1239849#M125322 JayGolf 2025-10-10T11:51:18Z https://live.paloaltonetworks.com/t5/general-topics/static-route-with-path-monitor-down-not-removing-bgp-route/m-p/1240529#M125402 <P>Hello,</P> <P>Other things to try:</P> <UL> <LI>Policy Based Forwarding. Have a static route that points over the SD-Wan and a Policy Based Forward route that points to the local vendor router. The PBF routes takes effect prior to the default router so it wont mess things up.</LI> <LI>OSPF between your devices. This way the routes are learned and if they go down, then it'll take the best path.</LI> </UL> <P>&nbsp;</P> <P>Regards,</P> Wed, 22 Oct 2025 19:23:44 GMT https://live.paloaltonetworks.com/t5/general-topics/static-route-with-path-monitor-down-not-removing-bgp-route/m-p/1240529#M125402 OtakarKlier 2025-10-22T19:23:44Z