ECMP with one IP on outgoing

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

ECMP with one IP on outgoing

L2 Linker

Hi,

 

We have configured ECMP on our PA-220 to HA of our Internet access with load balancing.

But we outgoing to Internet with two IP addresses. It's possible to configure only one IP public address view from outside ? If not possible, there is an another method ?

 

My configuration :

  • PA-220
  • PanOS 8.1.11

 

Thanks in advance for your help.

 

FG

1 accepted solution

Accepted Solutions

L2 Linker

Hi,

 

I resolved my problem with Policy Based Forwarding to force a FQDN to go with a defined IP.

 

Thanks for your help.

View solution in original post

6 REPLIES 6

Cyber Elite
Cyber Elite

Hello there

 

Confused by your statements. Can you please edit and re-explain?

 

We have configured ECMP on our PA-220 to HA of our Internet access with load balancing.

 

Are the FWs in HA?  Are your routers upstream in HA? What is load balancing? (not the firewalls, right??)

 

But we outgoing to Internet with two IP addresses. It's possible to configure only one IP public address view from outside ? If not possible, there is an another method ?

 

You outgoing?  Or you meant that you are outgoing with 2 IPs?

Presuming one from each ISP?

 

If only wanting to use a single IP, then perhaps you can setup BGP with your ISP and only advertise a single IP across both ISPs.

 

Make sense (I hope?)

 

Please help out other users and “Accept as Solution” if a post helps solve your problem !

Hi @S.Cantwell,

 

Sorry for my bad english. I re-explain my situation.

 

No, I don't my FW in HA, I have only one FW (PA-220). I enabled the ECMP (with Balanced Round Robin load balance method) on my virtual router by following this article : https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClF8CAK.

 

So now, my users are outgoing on Internet with two IP addresses configured with ECMP. This two IP adresses are provided by the same ISP.

 

But now, we want to go out on Internet with only one IP address while always enjoying our two links.

 

You talk about BGP, that's could be do that ?

 

I hope it's more comprehensive.

 

Thank you

Hi,

I don't a solution about my problem.

Anyone have a idea ?

Thank you for your help.

 

L2 Linker

Other solution : I just need to outgoing on one web application with the same IP address (because this web application does not support concurrent session).

 

It's possible to add a filtering rule to define one path to access at this web application (for example, to access at this webapp https://mywebapps.example.com, I use the public IP 1.2.3.4 ?)

 

Thanks

Hello

 

If you ISP gives you both public IPs, then their network should support using a single IP address.

If one link fails, the traffic should use the 2nd link, and the ISP should  know to send the traffic back to your FW.

 

You should talk with your ISP to confirm this.

 

We can try to translate our comments into your language.

 

 

Please help out other users and “Accept as Solution” if a post helps solve your problem !

L2 Linker

Hi,

 

I resolved my problem with Policy Based Forwarding to force a FQDN to go with a defined IP.

 

Thanks for your help.

  • 1 accepted solution
  • 4970 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!