topic Re: PAN-OS SDWAN tunnel failover in General Topics

PAN-OS SDWAN tunnel failover

Retired Member — Thu, 18 Mar 2021 08:31:01 GMT

Hi All,

I have recently setup a SD-WAN between 2 PA firewalls. a default route was created automatically to sdwan.1. Though when one of the interface failed, it is not able to failover to the remaining tunnel which mapped to sdwan.2. May I know if I need to manually create a route for sdwan.2 though I could not find the interface under the static route setting (p.s I am using static route in my testing environment)

Thanks

Best Regards,

Elroy

Re: PAN-OS SDWAN tunnel failover

Retired Member — Thu, 18 Mar 2021 09:30:23 GMT

It seems to me that some of the parameter has been created wrongly by auto vpn. A backup physical interface has been attached to sdwan.902 instead of 901. And there is no zone configuration for two tunnels on hub firewall. I have attached the screenshots here. Could anyone kindly suggest what could be done to resolve the issue? Thank you

Re: PAN-OS SDWAN tunnel failover

ALI.KAYS — Thu, 18 Mar 2021 11:46:49 GMT

Hi,

I would firstly force the template value. Those tunnel interfaces should have zone-internal attached to them.

If that does not work, create a layer 3 zone and make a dummy change on panorama and commit to the firewall.

Re: PAN-OS SDWAN tunnel failover

Retired Member — Fri, 19 Mar 2021 02:58:23 GMT

Hi,

I do use panorama to do the config and tried to force template value already. Can you share what config to be changed on panorama as I cannot override the setting on the firewall itself and somehow the interface seems to be attached to the wrong tunnel as the screenshot shown

thanks

regards

Elroy