Dual ISP, PBF traffic not returning

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Dual ISP, PBF traffic not returning

L0 Member

I have two ISPs configured with path monitoring and I can successfully monitor the primary route and fail over to the secondary, however what I would like to do now is use PBF to always send some of my traffic out the secondary ISP.  Everything I've read says this is possible and should be fairly straight-forward but I just can't seem to get it to work.  I have a test PBF policy set up for all traffic from a single client and the policy appears to be working, hit counts increase and my traffic detail shows that the correct interface and NAT policy is being applied however I don't get any packets back.  I've torn down and rebuilt the rules a couple times now so it's possible I've become blind to a simple missed setting.  





Again if I simply fail the primary route, the secondary route takes over and all traffic flows out so the interface is working as is the outbound NAT and security policies; my problem just seems to be using both interfaces at the same time.  


Cyber Elite
Cyber Elite


One thing to look at is if you have zone protection enabled and you have the spoofed ip address checked in TCP/IP Drop options under Attack Protection. This in conjunction with PBF will cause the firewall to drop the return traffic as it doesn't align with the route table. 

L0 Member

Thank you very much BPry and Cooper80. You save my time!

  • 2 replies
  • 101 Subscriptions
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!