Dual ISP scenario

L4 Transporter


Hi,

 

I need to create a dual ISP scenario. This FW has 2 interfaces with different ISPs (PPPoE).

eth1/2 (1.1.1.1/32)

eth1/3 (2.2.2.2/32)

 

We would like to balance both ISPs and, in case one of these ISPs goes down, all traffic takes the ISP that is up at that moment. So I was checking:

 

https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Implement-ECMP-Load-Balancing-on-...

 

Also, I would like to force some trust range to take interface 1/2 (using PBF), and in case this interface 1/2 goes down, to take int1/3.

 

On the other hand, there are several services on the internet for this public IP. So how can we publish the NAT on both ISP interfaces? Cloning all the NATs using the new ISP IPs? That's enough, I think.

 

 

Community Manager

Re: Dual ISP scenario

Hi @soporteseguridad

 

Outbound, you would be OK with ECMP and using PBF policies to force certain traffic onto a specific interface.

Outbound NAT would simply be regular outbound hide-NAT with a destination interface set and source NAT to the proper ISP subnet (clone and change destination interface + source translation).

Inbound NAT will only work for the ISP that routes the public IP, so this can only be configured once for the appropriate ISP (so no cloning here).


Help the community: Like helpful comments and mark solutions
Reaper out
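
The outbound setup described in the reply above, sketched as PAN-OS set commands. This is an added example, not part of the original post or of Palo Alto Networks documentation. The zone names (trust, untrust, with both ISP interfaces assumed to share one zone), the rule and profile names, and the angle-bracket placeholders are assumptions; lines starting with # are annotations, not CLI input.

```text
# Assumed: zones "trust" and "untrust"; ethernet1/2 = ISP1, ethernet1/3 = ISP2.
# <TRUST_RANGE>, <ISP1_NEXT_HOP> and <ISP1_MONITOR_IP> are placeholders to fill in.

# Outbound hide-NAT, one rule per ISP. The ISP2 rule is a clone of the ISP1
# rule with only the destination interface and the source translation changed.
set rulebase nat rules Outbound-ISP1 from trust to untrust source any destination any service any
set rulebase nat rules Outbound-ISP1 to-interface ethernet1/2
set rulebase nat rules Outbound-ISP1 source-translation dynamic-ip-and-port interface-address interface ethernet1/2

set rulebase nat rules Outbound-ISP2 from trust to untrust source any destination any service any
set rulebase nat rules Outbound-ISP2 to-interface ethernet1/3
set rulebase nat rules Outbound-ISP2 source-translation dynamic-ip-and-port interface-address interface ethernet1/3

# Monitor profile used by the PBF rule to detect that the ISP1 path is down.
set network profiles monitor-profile ISP1-monitor interval 3 threshold 5 action fail-over

# PBF rule forcing the chosen trust range out of ethernet1/2.
set rulebase pbf rules Trust-via-ISP1 from zone trust
set rulebase pbf rules Trust-via-ISP1 source <TRUST_RANGE> destination any application any service any
set rulebase pbf rules Trust-via-ISP1 action forward egress-interface ethernet1/2
set rulebase pbf rules Trust-via-ISP1 action forward nexthop ip-address <ISP1_NEXT_HOP>

# With disable-if-unreachable, the rule is skipped while the monitored address
# does not answer, so the traffic falls back to the routing table and leaves
# through ethernet1/3, where it matches Outbound-ISP2 by destination interface.
set rulebase pbf rules Trust-via-ISP1 action forward monitor profile ISP1-monitor disable-if-unreachable yes ip-address <ISP1_MONITOR_IP>
```
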
L4 Transporter

Re: Dual ISP scenario

Thanks reaper. Outbound is ok.

Thinking about inbound:

 

We have these NAT rules:

ISP1 is 1.1.1.1:

 

 

So, is there any way to clone all these NAT rules, changing to ISP 2.2.2.2, and if ISP 1.1.1.1 goes down, the inbound sessions take ISP 2? Any NAT track or way to configure public services with both ISPs?

 

L4 Transporter

Re: Dual ISP scenario

Forget inbound, we would have a DNS problem, and create another zone for ISP2... too much config for this end customer...

thanks a lot reaper

L7 Applicator

Re: Dual ISP scenario

Hello,

The only way to get inbound redirection to work would be to use an external load balancer. That way the LB would know which way is the best path and route to it, while the public DNS record points to the LB IPs.

 

Hope that helps.
