This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

how to route different inside subnet to different outside interfaces?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

how to route different inside subnet to different outside interfaces?

chuckles
L2 Linker

‎05-15-2019 03:14 AM

the customer have added a extra isp router which i need to route a certain subnet through it for internet , the problem the default route 0.0.0.0/0 already route interent through the old outside interface , how do i route the specific inside subnet to the internet through the second outside interface? 

0 Likes Likes
5 REPLIES 5

reaper
Cyber Elite
Cyber Elite

‎05-15-2019 04:39 AM

you can set up policy based forwarding to direct a certain subnet to the second router

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

chuckles
L2 Linker
In response to reaper

‎05-15-2019 04:42 AM

Hi,

 

is that done on palo alto? how do i do that?

 

Regards,

0 Likes Likes

BatD
L4 Transporter
In response to chuckles

‎05-15-2019 04:56 AM

@chuckles He is a very nice article explaining how to set it up:

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFiCAK

 

 

 

chuckles
L2 Linker
In response to BatD

‎05-15-2019 10:55 PM

that article is complicated and also not my goal as i dont want a primary and secondary isp , i want to use a certain subnet to use a second isp , do i do that by policy forwarding on the palo alto? do i create a rule with the inside subnet as source and destination as any , then set the egress interface to the second isp outside interface and the second hop as the isp router public ip which is directly connected?

 

will i need to nat "PAT" from inside to outside with the second outside interface? will i need a security rule as well from inside to second outside interface? please help

 

0 Likes Likes

RobinClayton
L4 Transporter
In response to chuckles

‎05-16-2019 12:47 AM - edited ‎05-16-2019 12:48 AM

You won't need PAT ( Unless there is a specific application )

 

You almost certainly will need an outbound NAT though.

You will need a mathcing security rule.

 

On the PBF just

 

set the source address and zone to match the required internal subnet.

set the destination as any

set the application as any ( unless you only want certain traffic to go out this way)

set the egress interface on the new service with the next hop as the outside router.

  • 6163 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks