https://live.paloaltonetworks.com/t5/general-topics/how-to-prefer-1-isp-for-one-application/m-p/102499#M44568 <P>Two suggestions: &nbsp;First, don't use application as a matching criteria in PBF. &nbsp;As you indicated, it needs to look at some packets before it determines the application, by which time it's too late. &nbsp;Instead, just use source &amp; destination.</P><P>&nbsp;</P><P>Second, if the fix above works, then your traffic monitoring rule should see that the ISP is down and automatically switch to the second ISP.</P> Fri, 12 Aug 2016 05:30:18 GMT rabolfathi 2016-08-12T05:30:18Z https://live.paloaltonetworks.com/t5/general-topics/how-to-prefer-1-isp-for-one-application/m-p/102187#M44551 <P>I got why huge traffic is coming to port 3978.Application is identified as Panorama.<BR />Its hge Gbs of traffic in one session.<BR />The source IP is firewall management Ip and destination is Panorama IP.</P><P>But why i need to kill this session means, we have a setup of 2 ISPs. We prefere this traffic should go through 1 ISP only one ISP.</P><P>Tht we accomplish through PBF ruless to 1 ISP.we use port in PBF. However there are 2 issues in this:</P><P><BR />1) As per PBF session, first few packets will go thorgh normal routing table and wont take PBF. untill the aplication identified. in this case as it is Panorama traffc it is never ending traffic.<BR />So this stayes at 1 ISP only( Not the ISP we define in PBF) . We have to manually kill Session an then next sessio will take 2 nd ISP.<BR /><BR />2) another scenarion, lets assume my 1st ISP down, then panorama traffic will take 2nd ISP( non prefereed). But even if 1st ISP came up also, as panorama is never ending session, it will continue on 2 nd ISP untll we clear manually.<BR /><BR />Can any one have suggestions on this.</P> Thu, 11 Aug 2016 04:33:52 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-prefer-1-isp-for-one-application/m-p/102187#M44551 Roby_Sreejith 2016-08-11T04:33:52Z https://live.paloaltonetworks.com/t5/general-topics/how-to-prefer-1-isp-for-one-application/m-p/102293#M44555 <P>Hi</P> <P>&nbsp;</P> <P>Unfortunately i don't think there's an easy fix as the backend connection to panorama is kept open continuously</P> <P>You could try setting a static route for a single IP instead of the PBF policy for this specific issue</P> <P>&nbsp;</P> <P>One bit of good new may be that the traffic to panorama should not be that big: when the session ends the today bytecount is added for the complete duration of the single session, which could be weeks to even months of data all added into 1 bytecount. if you do see excessive bandwidth usage, you can opt to tone down log forwarding to only the critical logs</P> Thu, 11 Aug 2016 11:42:24 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-prefer-1-isp-for-one-application/m-p/102293#M44555 reaper 2016-08-11T11:42:24Z https://live.paloaltonetworks.com/t5/general-topics/how-to-prefer-1-isp-for-one-application/m-p/102499#M44568 <P>Two suggestions: &nbsp;First, don't use application as a matching criteria in PBF. &nbsp;As you indicated, it needs to look at some packets before it determines the application, by which time it's too late. &nbsp;Instead, just use source &amp; destination.</P><P>&nbsp;</P><P>Second, if the fix above works, then your traffic monitoring rule should see that the ISP is down and automatically switch to the second ISP.</P> Fri, 12 Aug 2016 05:30:18 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-prefer-1-isp-for-one-application/m-p/102499#M44568 rabolfathi 2016-08-12T05:30:18Z