- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
11-20-2019 09:22 AM
Hi,
We have configured ECMP on our PA-220 to HA of our Internet access with load balancing.
But we outgoing to Internet with two IP addresses. It's possible to configure only one IP public address view from outside ? If not possible, there is an another method ?
My configuration :
Thanks in advance for your help.
FG
01-06-2020 08:30 AM
Hi,
I resolved my problem with Policy Based Forwarding to force a FQDN to go with a defined IP.
Thanks for your help.
11-20-2019 01:07 PM
Hello there
Confused by your statements. Can you please edit and re-explain?
We have configured ECMP on our PA-220 to HA of our Internet access with load balancing.
Are the FWs in HA? Are your routers upstream in HA? What is load balancing? (not the firewalls, right??)
But we outgoing to Internet with two IP addresses. It's possible to configure only one IP public address view from outside ? If not possible, there is an another method ?
You outgoing? Or you meant that you are outgoing with 2 IPs?
Presuming one from each ISP?
If only wanting to use a single IP, then perhaps you can setup BGP with your ISP and only advertise a single IP across both ISPs.
Make sense (I hope?)
11-21-2019 01:10 AM - edited 11-21-2019 03:10 AM
Hi @SCantwell_IM,
Sorry for my bad english. I re-explain my situation.
No, I don't my FW in HA, I have only one FW (PA-220). I enabled the ECMP (with Balanced Round Robin load balance method) on my virtual router by following this article : https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClF8CAK.
So now, my users are outgoing on Internet with two IP addresses configured with ECMP. This two IP adresses are provided by the same ISP.
But now, we want to go out on Internet with only one IP address while always enjoying our two links.
You talk about BGP, that's could be do that ?
I hope it's more comprehensive.
Thank you
12-11-2019 12:58 AM
Hi,
I don't a solution about my problem.
Anyone have a idea ?
Thank you for your help.
12-11-2019 03:05 AM
Other solution : I just need to outgoing on one web application with the same IP address (because this web application does not support concurrent session).
It's possible to add a filtering rule to define one path to access at this web application (for example, to access at this webapp https://mywebapps.example.com, I use the public IP 1.2.3.4 ?)
Thanks
12-11-2019 10:02 AM
Hello
If you ISP gives you both public IPs, then their network should support using a single IP address.
If one link fails, the traffic should use the 2nd link, and the ISP should know to send the traffic back to your FW.
You should talk with your ISP to confirm this.
We can try to translate our comments into your language.
01-06-2020 08:30 AM
Hi,
I resolved my problem with Policy Based Forwarding to force a FQDN to go with a defined IP.
Thanks for your help.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!