I have 2 ISPs on my PA 3220. I need to set it up in a way so our core traffic passes through ISP1 and guest WIFi and other non-critical traffic passes through ISP2. Also I need to make ISP2 as my backup ISP if ISP1 goes down. I have read about creating 2 VRs anfd setting up PBF but not too sure how to accomplish this fully.
From what you've explained it doesn't sound like you have any reason to utilize dual VR if this is all you are trying to accomplish. For the ISP failover you would want to utilize a static route with path monitoring to remove the primary link if the path goes down; the Guest traffic is a simple PBF configuration.
I am also trying to accomplish VPN automatic failover along with dual ISP, that's why I was thinking to deploy dual VR since vpn traffic originating from firewall can't be controlled using PBF.
That makes more sense with the design that you listed originally; without that piece of information the addition of a secondary VR doesn't really make sense. So what exactly are you getting stuck on when you try and configure/design this? What part of the configuration do you actually need help with?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!