PBF with Dual ISP. Once Enabled GlobalProtect Clients no longer can connect.

L0 Member


We have set up a PBF to route traffic to a new ISP link we have in case our primary fails.

 

Both ISP interfaces are in one virtual router.

 

Once we change the default route to the Backup ISP and enable the PBF to forward all traffic to the Primary unless it fails, users can no longer connect to our GlobalProtect portal with the GlobalProtect client.

 

I know it is because of the new default route pointing at the secondary ISP, but is there a route I can create to fix it?

 

 

L6 Presenter

Re: PBF with Dual ISP. Once Enabled GlobalProtect Clients no longer can connect.

Hi,

 

Create 2 virtual routers with 2 separate default gateways. That will be better. You can then create 2 different GlobalProtect, 1 for main, 1 for second ISP. Your LAN and ISP1 will be at default, your ISP2 will be at new virtual router. Then you will also add a LAN- next VR default VR route at new virtual router.

 

You can use PBF for main with monitor, and 2nd PBF rule will route clients to ISP2.

 

 

Regards

 

L7 Applicator

Re: PBF with Dual ISP. Once Enabled GlobalProtect Clients no longer can connect.

@blohrer,

Unless you are advertising the same range with both ISPs then I would do exactly what @panos is recommending.

L0 Member

Re: PBF with Dual ISP. Once Enabled GlobalProtect Clients no longer can connect.

The only thing I have tried as of yet is to move the GlobalProtect Gateway and Portal to the ISP two connection. When I did this, the clients could successfully connect. The only problem I had at that point was that once connected, the users could not access the local network.

 

The VPN is used by a small number of users. The second ISP is only used to roll over for outbound access for internal users.

 

Is there a routing issue I am missing to allow the VPN to work on the second ISP?
