Dual ISP Branch Office Configuration

Printer Friendly Page

This document describes how to configure a dual ISP for a branch office.  In this scenario, an office is connected to two ISPs with redundancy for outbound connectivity. This configuration uses a combination of static routing, policy-based forwarding (PBF), and destination interface-based source NAT translation. The solution provides automatic outbound internet redundancy without requiring BGP routing protocol between ISPs.


Note: This document has been modified for PAN-OS 5.0 and later.  Multiple external zones are no longer required.


owner: kbrazil


Dear kbrazil,

thank you for your document. but i want to ask you in the PBF that you mentioned. why you but the local IP subnet in the destination address? should it be in the source address?


That is a negate pool.That is because to guarantee you'll not use pbf for internal access.

if you'll use pbf for some subnet then you have to add that to source address.

Just wish to confirm if this this design working ok for you guys ?

Hi Mandar,

this Design works, as you saw on our GTM Session in our case

thanks  :smileyhappy: