I have 2 PaloAltos, one is running on robust and redundant Corp internet ISP, another one on a remote location with 2 public ADSL (and miserable quality ofc !). My goal is to have a redundant IPsec link between the two PaloAltos :
How would you achieve this ? I have several scenarios in mind:
thank you in advance for your suggestions, feedback and questions !
Hi...I believe both scenarios will work. The 1st scenario is using dynamic routing and one path will be selected over the other. This requires only dynamic routing to be enabled.
The 2nd method require some static routing and PBF. You can configure PBF to disable the forwarding rule should the next hop is down, and traffic will take the 2nd path. The failover time is configurable when you set the monitoring of the next-hop, so you can adjust this to fit your enviroment.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!