We have now two ISPs
And we want to configure PA so that when first ISP is down the traffic (in and out) passed to the second ISP
Can you give me please a guide about it?
I have done this many times with a lot of success. Here is a guide using PBF:
Hope that helps.
if you simply want redundancy, you can set the secondary ISP to a higher metric
you can add PBF on top of this to split off some traffic for bandwidth optimalization
if both ISP's are equal in performance and you have no special needs for certain types of traffic, you can also look into ECMP:
No i want redundancy
The one thing is after the first link shut down it passes to second link but when we return it back it didnt pass again to the first one
How do you have it configured? If using PBF and Monitoring, it should fail back once the monitoring see's the the IP you are monitoring is back up.
when i pass to backup route the connection pass to second ISP but NO internet for internal hosts
I have to put up the NAT rule of second ISP above the first NAT RULE -ISP 1
And then when i back the first ISP it did not pass to FIRST ISP. Preemtevie time is 1 minute.
make sure to add the 'egress interface' setting to the NAT rules, this will prevent that issue from occurring
It's recommended to assign each ISP it's own zone, but this will require more security policies
If instead you assign both ISPs the same zone, security policies will be simpler to manage but the NAT policies may get 'confused' about what to do, adding 'destination interface' to the requirements let's NAT know which rule to apply when an ISP goes down and packets are routed over a different interface:
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!