Default route via ISP-A (primary) has not yet recovered, even though the monitored IP address (DNS server of ISP-A) is already rechable via the interface connected to ISP-A router. (tested via ping source x.x.x.x host y.y.y.y)
I have seen the logs from previous months that the firewall has detected path failure and was able to recover. So I assume the setup is correct?
Any other troubleshooting that I can do? Or any other things to double check on my setup?
Update on this.
Current routing table is still via ISP-B.
Upon using traceroute source x.x.x.x host y.y.y.y, I saw that the DNS Server of ISP-A is being reached via ISP-B.
Do I need to put a specific static route pointing to DNS Server of ISP-A via ISP-A gateway?
Do you have separate interfaces connected to ISP-A and B?
How are your static routes configured? Sounds like path monitoring. What are you using for source interfaces on each route?
What is the metric configuration on each route?
if you are monitoring ISP A , then yes, the route for the tracking of that DNS(A) would have to be forced through ISP A only using the static routes.
Here's my setup.
ISPA (eth1/1) and LAN interfaces on one VR1
ISPB (eth1/2) on another VR2
-Default route (defaul admin distance, metric 10) w/ path monitoring (Monitored IP - DNS of ISP-A, source eth1/1, other settings default)
-Backup default route to next VR (default admin distance, metric 20)
-Specific /32 route of DNS of ISP-A to force it via ISP-A Gateway.
-Defaul route pointing to ISPB gateway
-Return routes to LAN segments (via next VR1)
Stand-alone test worked fine.
Can reach the internet and the DNS of ISPA (monitored IP in path monitoring of default route)
So I guess the problem is on the PA? Anything that I need to double check?
Checking from previous logs, firewall was able to detect path failure and was also able to recover.
Do you have any dynamic routing between the VR's? Perhaps that is how it learned the routes? But sounds like you have it solved with the static /32 routes. I also use them to be super specific on certain destinations for monitring and dynamic routing.
No Dynamic Routes between VR's.
Adding the specific /32 static route did not resolve the problem.
Path Monitoring status is stil down.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!