how to route different inside subnet to different outside interfaces?

L2 Linker

The customer has added an extra ISP router, and I need to route a certain subnet through it for internet. The problem is that the default route 0.0.0.0/0 already routes internet through the old outside interface. How do I route the specific inside subnet to the internet through the second outside interface?

L7 Applicator

Re: how to route different inside subnet to different outside interfaces?

You can set up policy-based forwarding to direct a certain subnet to the second router.


Help the community: Like helpful comments and mark solutions
Reaper out
L2 Linker

Re: how to route different inside subnet to different outside interfaces?

Hi,

 

Is that done on Palo Alto? How do I do that?

 

Regards,

L4 Transporter

Re: how to route different inside subnet to different outside interfaces?

@chuckles Here is a very nice article explaining how to set it up:

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFiCAK

 

 

 

L2 Linker

Re: how to route different inside subnet to different outside interfaces?

That article is complicated and also not my goal, as I don't want a primary and secondary ISP; I want a certain subnet to use a second ISP. Do I do that by policy forwarding on the Palo Alto? Do I create a rule with the inside subnet as source and destination as any, then set the egress interface to the second ISP outside interface and the second hop as the ISP router public IP, which is directly connected?

Will I need to NAT "PAT" from inside to outside with the second outside interface? Will I need a security rule as well from inside to the second outside interface? Please help.

 

L4 Transporter

Re: how to route different inside subnet to different outside interfaces?

You won't need PAT (unless there is a specific application).

You almost certainly will need an outbound NAT though.

You will need a matching security rule.

On the PBF just:

Set the source address and zone to match the required internal subnet.

Set the destination as any.

Set the application as any (unless you only want certain traffic to go out this way).

Set the egress interface on the new service with the next hop as the outside router.
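
A simplified model of the three pieces listed in the answer above (the PBF rule, the outbound NAT and the matching security rule), added here as an example; it is not part of the original thread and is not PAN-OS code. Interface names, zone names and addresses are constructed, and it assumes PBF rules are checked first-match before the default route is used.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
DEFAULT_ROUTE = {"egress": "ethernet1/1", "zone": "outside-isp1", "nexthop": "198.51.100.1"}
PBF_RULES = [  # checked top-down, first match wins, ahead of the default route
    {"name": "subnet-to-isp2", "from_zone": "inside", "source": "10.20.0.0/24",
     "destination": "any", "egress": "ethernet1/2", "zone": "outside-isp2",
     "nexthop": "203.0.113.1"},
]
NAT_RULES = [("inside", "outside-isp1"), ("inside", "outside-isp2")]  # (from, to) zones
SECURITY_RULES = [("inside", "outside-isp1")]  # rule toward outside-isp2 omitted on purpose


def _matches(cidr, ip):
    """True when ip falls inside cidr, or the field is the literal 'any'."""
    return cidr == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)


def forwarding_decision(src_zone, src_ip, dst_ip):
    """Pick the egress path for a new session: PBF match first, else default route."""
    for rule in PBF_RULES:
        if (rule["from_zone"] == src_zone and _matches(rule["source"], src_ip)
                and _matches(rule["destination"], dst_ip)):
            path = {k: rule[k] for k in ("egress", "zone", "nexthop")}
            return {"via": "pbf:" + rule["name"], **path}
    return {"via": "default-route", **DEFAULT_ROUTE}


def check_flow(src_zone, src_ip, dst_ip):
    """Return the chosen path plus the companion rules missing for its egress zone."""
    path = forwarding_decision(src_zone, src_ip, dst_ip)
    pair = (src_zone, path["zone"])
    missing = []
    if pair not in NAT_RULES:
        missing.append("outbound NAT")
    if pair not in SECURITY_RULES:
        missing.append("security rule")
    return path, missing


if __name__ == "__main__":
    for ip in ("10.20.0.15", "10.10.0.15"):  # one host in the PBF subnet, one outside it
        print(ip, check_flow("inside", ip, "192.0.2.10"))
```
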
