GlobalProtect VPN with dual ISP


Hi Team,

 

We have two ISP links with ECMP load-balancing enabled. We only have one virtual router set up. We have configured the GP VPN portal with one ISP interface; how can I configure the GP VPN with the second ISP link as well? We would like to have two external gateways, but the GlobalProtect portal only shows the option to choose one outgoing interface. Any help?

Cyber Elite

@Marsooq-Akkaradathil,

 

If you're trying to configure multiple outgoing interfaces under a single portal, it won't allow you. You can select a single interface only. But you can add a new GlobalProtect portal, which will be used for the 2nd ISP interface.

One question here: do you need both VPN setups separate, or are you looking for something like failover?

 

Mayur


@SutareMayur 

Can we have more than one GP portal on the same device? Yes, we are looking for a failover setup.

@Marsooq-Akkaradathil,

 

Yes, you can have multiple GP portals on the same gateway. This shouldn't create any issue. I did one such POC in my environment and everything was fine. But I kept both VPN setups separate. There was nothing like failover.

For the failover part, you can refer to the KB article below.

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClU8CAK

 

Mayur


L1 Bithead

Marsooq,

 

I have the setup you are describing and Sutare is correct. You would have to have multiple Portals (for each ISP) for your GlobalProtect users. 

 

HTH. 

 

Thx,

Ap.

L1 Bithead

I know this is an old question, but the way I've done this in the past is:

  1. Put the Portal and GW onto a loopback adapter
  2. Set up 2 NAT rules, 1 for each ISP, to forward GlobalProtect ports (443, 4501, etc.)
  3. In the VR - ECMP setting, ensure you have Asynchronous return checked

 
