Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
11-15-2012 07:15 AM
Hello all!
Newbie here on PA-500 (just installed yesterday 
), PAN-OS 5
I have 2 Internet provider connected to my PA-500 (configured and initial set-up done by reseller), and I am looking in a way to control (by user or device IP) who could go out via ISP2/Untrust2, in other words, not everyone going out by the "default" ISP1/Untrust1 interface.
Thank you in advance for any pointer to docs or steps in a reply post!
Serge
11-15-2012 10:53 AM
Thank you sdarapuneni!
I'll have a look at the docs, and see.
Although I wonder about your answer since there is no "dmz users", everyone is on the same internal segment.
Thank you again!
Serge
11-15-2012 11:07 AM
You can configure pbf for specific networks and/or users. As you are on 5.0, you can use the symmetric return feature which will ensure the traffic that came in through ISP1 will go out through the same interface. You can find more details on this in the admin guide. Hope this helps!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
