https://live.paloaltonetworks.com/t5/general-topics/monitor-multiple-ips-in-a-pbf-rule/m-p/233049#M66849 <P>Hello,</P><P>As for a workaround, we would probbly need to know what you are trying to achieve. I solve most of my routing issues with dynamic routing and weighted routes.</P><P>&nbsp;</P><P>Regards,</P> Fri, 28 Sep 2018 21:35:02 GMT OtakarKlier 2018-09-28T21:35:02Z https://live.paloaltonetworks.com/t5/general-topics/monitor-multiple-ips-in-a-pbf-rule/m-p/233019#M66838 <P>Running 8.0.x on our PA-3020 and PA-220 systems.&nbsp;</P><P>&nbsp;</P><P>In our virtual routers, we can path monitor with multiple IP addresses and take action on AND or OR conditions, but PBF still seems to be limited to a single IP. I'd love to be able to monitor multiple IPs in a PBF rule. Is this possible, is it coming, or is there a workaround?</P><P>&nbsp;</P><P>Thanks!</P><P>&nbsp;</P><P>Jordan</P> Fri, 28 Sep 2018 16:45:56 GMT https://live.paloaltonetworks.com/t5/general-topics/monitor-multiple-ips-in-a-pbf-rule/m-p/233019#M66838 uvdes 2018-09-28T16:45:56Z https://live.paloaltonetworks.com/t5/general-topics/monitor-multiple-ips-in-a-pbf-rule/m-p/233049#M66849 <P>Hello,</P><P>As for a workaround, we would probbly need to know what you are trying to achieve. I solve most of my routing issues with dynamic routing and weighted routes.</P><P>&nbsp;</P><P>Regards,</P> Fri, 28 Sep 2018 21:35:02 GMT https://live.paloaltonetworks.com/t5/general-topics/monitor-multiple-ips-in-a-pbf-rule/m-p/233049#M66849 OtakarKlier 2018-09-28T21:35:02Z https://live.paloaltonetworks.com/t5/general-topics/monitor-multiple-ips-in-a-pbf-rule/m-p/233050#M66850 <P>Good point. Here's what's going on.&nbsp;</P><P>&nbsp;</P><P>We have two ISPs, one primary and one failover (ECMP is a disucssion for another day). We do the failover in the virtual router using weighted routes, where we monitor the primary connection using path monitor with several IPs to make sure that if connectivity to just one of those IPs (even if it's anycast or similar) goes down, we don't failover.&nbsp;</P><P>&nbsp;</P><P>As it turns out, our slower, secondary ISP is more reliable than our faster primary ISP. We want to send our SIP VoIP traffic over slower backup ISP.&nbsp; By making a PBF rule I get all sorts of control over the zone, protocols, addresses, etc.. and can send the SIP traffic over the backup ISP. As it turns out, at the moment, we're just using a destination address group, not protocols. I was consdering switching the PBF rule to be based on source address and protocol so that if the SIP provider decides to update its IPs without telling me, or if I miss the notificaiton, I don't have to adjust anything.&nbsp;</P><P>&nbsp;</P><P>The SIP provider has four IP addresses currently. I imagine I could put those four as static rules in the virtual router and then use path monitroing for each one of them, but would really just prefer to use the PBF rule with more than one monitored IP address so that we get a little redunancy in checking if the connection is up like we would with path monitoring in a static route.</P><P>&nbsp;</P><P>Any suggestions are welcome <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Fri, 28 Sep 2018 22:00:24 GMT https://live.paloaltonetworks.com/t5/general-topics/monitor-multiple-ips-in-a-pbf-rule/m-p/233050#M66850 uvdes 2018-09-28T22:00:24Z