https://live.paloaltonetworks.com/t5/general-topics/pa-with-two-isps-nat/m-p/36100#M26529 <HTML><HEAD></HEAD><BODY><P>Hello Parvez,</P><P></P><P>Yes, it will work.</P><P></P><P>Thanks</P></BODY></HTML> Sun, 11 May 2014 06:28:06 GMT HULK 2014-05-11T06:28:06Z https://live.paloaltonetworks.com/t5/general-topics/pa-with-two-isps-nat/m-p/36096#M26525 <HTML><HEAD></HEAD><BODY><P>Dears,</P><P></P><P>We have four zone in the PA. The naming along with subnet are below mentioned.</P><P></P><P>1. ISP1- 100.100.100.2/29</P><P>2. ISP2- 200.200.200.2/29</P><P>3. DMZ1- 172.16.1.1/24</P><P>4. DMZ2-172.10.1.1/24</P><P>5. Inside- 10.10.10.0/24</P><P></P><P>Inside user are going to internet via ISP1 and ISP2 is used for accessing in the DMZ1 and DMZ2.</P><P>Since the default route is configured towards the ISP1<EM>. We are facing the issue to access the servers in DMZ1 and DMZ2 via ISP2.(Destination Nat is configured for these servers via ISP2).</EM></P><P><EM>As per the logs the session from ISP2 to DMZ1 and ISP2 to DMZ2 are showing incomplete.I tried to configure PBF but it is not working.<BR /></EM></P><P><EM><BR /></EM></P><P><EM>Kindly let me know how DMZ1 and DMZ2 servers can accessible via ISP2. </EM></P><P></P><P>Best Regards,</P></BODY></HTML> Thu, 08 May 2014 14:21:03 GMT https://live.paloaltonetworks.com/t5/general-topics/pa-with-two-isps-nat/m-p/36096#M26525 ParvezAhmad 2014-05-08T14:21:03Z https://live.paloaltonetworks.com/t5/general-topics/pa-with-two-isps-nat/m-p/36097#M26526 <HTML><HEAD></HEAD><BODY><P style="font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; color: #3b3b3b;">Hello Parvez,</P><P></P><P style="font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; color: #3b3b3b;">Here's a good document with a network diagram which can help. Symmetric return <SPAN style="color: #3b3b3b; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;"><SPAN class="GINGER_SOFTWARE_mark">eature</SPAN> forwards the packet to the MAC address from where the SYN or lost packet was received.&nbsp; This ensures return traffic follows the same interface which the session created and is useful in an asymmetric routing or Dual ISP environments.</SPAN></P><P></P><P><A href="https://live.paloaltonetworks.com/docs/DOC-4344">How to Configure Symmetric Return </A></P><P></P><P>Hope this helps.</P><P></P><P>Thanks</P></BODY></HTML> Thu, 08 May 2014 14:57:12 GMT https://live.paloaltonetworks.com/t5/general-topics/pa-with-two-isps-nat/m-p/36097#M26526 HULK 2014-05-08T14:57:12Z https://live.paloaltonetworks.com/t5/general-topics/pa-with-two-isps-nat/m-p/36098#M26527 <HTML><HEAD></HEAD><BODY><P>also when wan interface's are ppoe you don't need to write next hop, just selecting enforce return works.</P></BODY></HTML> Fri, 09 May 2014 18:45:35 GMT https://live.paloaltonetworks.com/t5/general-topics/pa-with-two-isps-nat/m-p/36098#M26527 Retired Member 2014-05-09T18:45:35Z https://live.paloaltonetworks.com/t5/general-topics/pa-with-two-isps-nat/m-p/36099#M26528 <HTML><HEAD></HEAD><BODY><P>I just want to double check that it will work for another DMZ2 host ; that is also need to be accessed via ISP2.</P><P>i.e. is PA-FW support two PBF on the same interface (ISP2) with different zone hosts(DMZ1 and DMZ2)?</P></BODY></HTML> Sun, 11 May 2014 05:19:37 GMT https://live.paloaltonetworks.com/t5/general-topics/pa-with-two-isps-nat/m-p/36099#M26528 ParvezAhmad 2014-05-11T05:19:37Z https://live.paloaltonetworks.com/t5/general-topics/pa-with-two-isps-nat/m-p/36100#M26529 <HTML><HEAD></HEAD><BODY><P>Hello Parvez,</P><P></P><P>Yes, it will work.</P><P></P><P>Thanks</P></BODY></HTML> Sun, 11 May 2014 06:28:06 GMT https://live.paloaltonetworks.com/t5/general-topics/pa-with-two-isps-nat/m-p/36100#M26529 HULK 2014-05-11T06:28:06Z