05-31-2018 11:15 AM
We have now two ISPs
And we want to configure PA so that when first ISP is down the traffic (in and out) passed to the second ISP
Can you give me please a guide about it?
05-31-2018 05:40 PM
Hello,
I have done this many times with a lot of success. Here is a guide using PBF:
Hope that helps.
05-31-2018 11:47 PM
Now you can do similar thing with path monitoring in static routes as well.
06-01-2018 05:44 AM
if you simply want redundancy, you can set the secondary ISP to a higher metric
you can add PBF on top of this to split off some traffic for bandwidth optimalization
if both ISP's are equal in performance and you have no special needs for certain types of traffic, you can also look into ECMP:
Equal-Cost Multi-Path Routing (ECMP)
06-05-2018 09:39 AM
No i want redundancy
The one thing is after the first link shut down it passes to second link but when we return it back it didnt pass again to the first one
06-05-2018 09:44 AM
Hello,
How do you have it configured? If using PBF and Monitoring, it should fail back once the monitoring see's the the IP you are monitoring is back up.
Regards,
06-06-2018 11:14 PM - edited 06-06-2018 11:24 PM
when i pass to backup route the connection pass to second ISP but NO internet for internal hosts
I have to put up the NAT rule of second ISP above the first NAT RULE -ISP 1
And then when i back the first ISP it did not pass to FIRST ISP. Preemtevie time is 1 minute.
PAN-OS 8.0.10
PA-500
06-07-2018 12:21 AM - edited 06-07-2018 12:22 AM
make sure to add the 'egress interface' setting to the NAT rules, this will prevent that issue from occurring
06-07-2018 12:29 AM - edited 06-07-2018 12:31 AM
Can you please explain me how to do it? is it in the Policy > Nat>NAT RULES section?
06-07-2018 12:47 AM
It's recommended to assign each ISP it's own zone, but this will require more security policies
If instead you assign both ISPs the same zone, security policies will be simpler to manage but the NAT policies may get 'confused' about what to do, adding 'destination interface' to the requirements let's NAT know which rule to apply when an ISP goes down and packets are routed over a different interface:
06-08-2018 01:02 AM
thanks it worked with internet
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
