As an aside what you're asking to do principally is what the current industry is hyped up about..."Hybrid networking / SD WAN / iWAN"
Basically routing applications on specific network links (MPLS / IPSec over DIA or MPLS / DIA ( Direct Internet Access))
I've been begging Palo for years to get into the "hybrid space." They haven't seemed very interested in marketing their product to fit this use case.
Actually, we can do this based on PBF but it has been solved for a few specific URL or IP address, it's not enough for youtube and facebook (with many thing we need to catch up)
I never said it can't do it. I said they don't market it as such. Their direction has been more of a "security" play vice an "application" routing appliance.
Yup, I got your point. I have tried with PBF by using FQDN - DNS Proxy but I'm facing with an issue (I don't know this is affected by my wrong configuration or this is a bug on PaloAlto).
Ex: I have 2 WAN interfaces (ISP1 and ISP2)
- The primary interface is ISP 1, and I want youtube and facebook traffic will be forwarded to ISP2 interface.
- I tried to nslookup URL youtube.com to an IP address, and I got 188.8.131.52 on PaloAlto.
- Then I tried to nslookup URL yotube.com to an IP adress and I got the same IP: 184.108.40.206 on User machine.
- Meaning, If the traffic from User machine access to youtube.com, the PBF feature must be forward this traffic to ISP2 interface, but it's not.
Do you have any experience for that one? @Brandon_Wertz
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!