Hello,

I have done this many times with a lot of success. Here is a guide using PBF:

https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/policy/use-case-pbf-for-outbound-acc...

Hope that helps.

Now you can do similar thing with path monitoring in static routes as well.

if you simply want redundancy, you can set the secondary ISP to a higher metric

you can add PBF on top of this to split off some traffic for bandwidth optimalization

if both ISP's are equal in performance and you have no special needs for certain types of traffic, you can also look into ECMP:

Equal-Cost Multi-Path Routing (ECMP)

No i want redundancy

The one thing is after the first link shut down it passes to second link but when we return it back it didnt pass again to the first one

Hello,

How do you have it configured? If using PBF and Monitoring, it should fail back once the monitoring see's the the IP you are monitoring is back up.

Regards,

when i pass to backup route the connection pass to second ISP but NO internet for internal hosts

I have to put up the NAT rule of second ISP  above the first NAT RULE -ISP 1 

And then when i back the first ISP it did not pass to FIRST  ISP. Preemtevie time is 1 minute.

PAN-OS 8.0.10

PA-500

make sure to add the 'egress interface' setting to the NAT rules, this will prevent that issue from occurring

Can you please explain me how to do it? is it in the Policy > Nat>NAT RULES section?

It's recommended to assign each ISP it's own zone, but this will require more security policies

If instead you assign both ISPs the same zone, security policies will be simpler to manage but the NAT policies may get 'confused' about what to do, adding 'destination interface' to the requirements let's NAT know which rule to apply when an ISP goes down and packets are routed over a different interface: