Hi, I've configured Dual ISP failover using a PBF and everything seems to failover from ISP1 to ISP2 just fine. My issue is after we have failed over to ISP2 and ISP1 comes back online, not all traffic flips back to ISP1.
UDP sessions for devices that have a keep alive or heart beat seem to be the most problematic. Currently the SIP/RTP traffic from my phones seems to be causing the most issues. How can i get the Palo Alto to kill those sessions once the primary ISP comes back online? My ISP2 is a metered LTE connection and I'd like to save as much data as possible. When i look at the sessions in the CLI, the sessions that are on ISP2 still get renewed even when ISP1 is online and they never end unless i clear the sessions manually or i pull the network cable out of the LTE router.
Any help would be appreciated!
I don't think you are going to be able to do anything but clear them out manually. The session is going to stay on the route until it ages-out or is cleared, it won't go back through the process of deciding a path because it already has one open.
Write a script (in your prefered programming language) which:
- checks ISP1 periodically,
- set a trigger to detect if ISP1 goes down,
- after ISP1 is down it waits till it comes back up again,
- when ISP1 comes back it uses PA XML API to disable ISP2 (brings interface down) for a short while
I know it's not elegant and it takes some careful planning on conditions, but it could work.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!