https://live.paloaltonetworks.com/t5/general-topics/multiple-isps-for-globalprotect/m-p/320490#M82081 <P>Hello</P><P>&nbsp;</P><P>I have read "How to Configure Dual ISP Network with GlobalProtect VPN using a Virtual Router and Policy-Based Forwarding" (<A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClJeCAK)" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClJeCAK)</A> since we had exactly the same challenge a few days ago. I solved it using a second virtual router.</P><P>If I follow the setup as shown in the HowTo, which ISP is chosen for an reply packet coming in via ISP2?</P><P>The users PC (to be more precise the GP software) is connecting to the firewalls IP of ISP2, traffic coming in via line of ISP2. Due to having only one default route, I expect that the reply to the PC is sent back via ISP1.</P> Fri, 03 Apr 2020 06:48:06 GMT JoergSchuetter 2020-04-03T06:48:06Z https://live.paloaltonetworks.com/t5/general-topics/multiple-isps-for-globalprotect/m-p/320490#M82081 <P>Hello</P><P>&nbsp;</P><P>I have read "How to Configure Dual ISP Network with GlobalProtect VPN using a Virtual Router and Policy-Based Forwarding" (<A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClJeCAK)" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClJeCAK)</A> since we had exactly the same challenge a few days ago. I solved it using a second virtual router.</P><P>If I follow the setup as shown in the HowTo, which ISP is chosen for an reply packet coming in via ISP2?</P><P>The users PC (to be more precise the GP software) is connecting to the firewalls IP of ISP2, traffic coming in via line of ISP2. Due to having only one default route, I expect that the reply to the PC is sent back via ISP1.</P> Fri, 03 Apr 2020 06:48:06 GMT https://live.paloaltonetworks.com/t5/general-topics/multiple-isps-for-globalprotect/m-p/320490#M82081 JoergSchuetter 2020-04-03T06:48:06Z https://live.paloaltonetworks.com/t5/general-topics/multiple-isps-for-globalprotect/m-p/321125#M82199 <P>Hello,</P><P>&nbsp;</P><P>Can you be more specific on you statement: "<SPAN>If I follow the setup as shown in the HowTo</SPAN>" ?</P><P>&nbsp;</P><P>If I understood this right, you have setup the similar. infrastructure outlined in the document you've shared with 2 ISP's. If you exactly followed the document, how and why did you configure a second VR? Did you have it for any other purpose?</P><P>&nbsp;</P><P>If you have exactly followed the document, then having 2 ISP's on the same VR and having your GP Gateway on your firewall will work as below:</P><P>&nbsp;</P><P>ISP 1 for your LAN traffic - No confusion here.</P><P>&nbsp;</P><P>Your GP gateway on ISP2 - No confusion here.</P><P>&nbsp;</P><P>The whole purpose of having a PBR and NAT for ISP2 in place for your GP traffic is that: any destination other than RFC1918 takes the ISP2 path. For RFC1918, you will anyway have the static route to your tunnel gateway, so any session to/from end user to RFC1918 will take the tunnel path.</P><P>&nbsp;</P><P>Hope this makes sense.</P><P>&nbsp;</P><P>Thank you.</P> Tue, 07 Apr 2020 04:09:05 GMT https://live.paloaltonetworks.com/t5/general-topics/multiple-isps-for-globalprotect/m-p/321125#M82199 ALLADASAINITIN 2020-04-07T04:09:05Z https://live.paloaltonetworks.com/t5/general-topics/multiple-isps-for-globalprotect/m-p/321170#M82214 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/137651">@ALLADASAINITIN</a>&nbsp;</P><P>I configured my setup before I stumbled over the howto. Trying to verify if I did it correct, I read the howto.</P><P>The question is: which path is a reply from the gateway IP (ISP 2) taking when sending a reply to the users PC (sent by GlobalProtect) on the Internet? My concern is the "tunnel" traffic between client and VPN gateway.</P> Tue, 07 Apr 2020 08:14:40 GMT https://live.paloaltonetworks.com/t5/general-topics/multiple-isps-for-globalprotect/m-p/321170#M82214 JoergSchuetter 2020-04-07T08:14:40Z