We recently contracted with a second ISP for redundancy. I have been looking for instructions on how to set this up, but have not had much luck. I did find the following articles, but none of them actually show how to completely set it up:
How to Configure ISP Redundancy and Load Balancing: This one comes close, but some important steps are missing.
How to Setup a Palo Alto Networks Firewall with Dual ISPs and Automatic VPN Failover: Again, comes close, but I don't need the VPN info.
Can anyone provide better instructions for how to add a second ISP for redundancy?
My confusion may be how to actually add the second ISP to the PA. Do I add an interface with a DHCP assigned address from the Comcast modem?
I think you may follow the second DOC without the VPN tunnel. It means that, in VR2, you have to define the static route pointing towards your ISP-2 IP address instead of a tunnel interface.
We only have one internal subnet. Do I have to create a second VR, or can I just add a static route to our Comcast modem with a higher metric?
I would recommend having 2 separate VRs, one for the primary ISP (through PBF) and another for the secondary ISP (through the routing table).
I just accomplished this with the following DOC:
Works great with one VR! We used two different zones for the two different external ISPs, but that just means we had to double up or combine our rules. There were only a few anyway.