This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

global protect vpn with DUAL ISP

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

global protect vpn with DUAL ISP

Marsooq-Akkaradathil
L1 Bithead

‎05-07-2020 10:50 AM

Hi Team,

 

we have two isp link with ecmp load-balancing enabled. we only have one virtual router setup. we have configured GP vpn portal with one isp interface and how can i configure the GP vpn with second isp link as well. we would like to have two external Gateway.But global protect portal only showing to choose one outgoing interface.any help?

0 Likes Likes
5 REPLIES 5

SutareMayur
L6 Presenter

‎05-07-2020 11:11 AM

@Marsooq-Akkaradathil,

 

If you're trying to configure multiple outgoing interface under single portal then it won't allow you. You can select single interface only. But you can add new Global Protect Portal which will be used for 2nd ISP interface.

 

One question here, do you need both VPN setups separate or you are looking for something like failover?

 

Mayur

M

Check out my YouTube channel - https://www.youtube.com/@NetworkTalks
0 Likes Likes

Marsooq-Akkaradathil
L1 Bithead
In response to SutareMayur

‎05-07-2020 11:21 AM

@SutareMayur 

can we supposed to have more than one GP portal on the same device? yes, we are looking for fail-over setup.

0 Likes Likes

SutareMayur
L6 Presenter
In response to Marsooq-Akkaradathil

‎05-07-2020 12:05 PM

@Marsooq-Akkaradathil,

 

Yes you can have multiple GP portals on same gateway. This shouldn't create any issue. I had done one of such POC in my environment and everything was fine. But i had kept both VPN setups separate. There was nothing like failover.

 

For failover part, you can refer below KB article.

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClU8CAK

 

Mayur

M

Check out my YouTube channel - https://www.youtube.com/@NetworkTalks

andeporter
L1 Bithead

‎05-08-2020 01:57 PM

Marsooq,

 

I have the setup you are describing and Sutare is correct. You would have to have multiple Portals (for each ISP) for your GlobalProtect users. 

 

HTH. 

 

Thx,

Ap.

0 Likes Likes

projxit
L1 Bithead

‎06-18-2021 06:04 PM

I know this is an old question, but the way I've done this in the past is:

  1. Put the Portal and GW onto a loopback adapter
  2. Setup 2 NAT rules, 1 for each ISP, to forward GlobalProtect ports (443, 4501 etc)
  3. In the VR - ECMP setting, ensure you have Asynchronous return checked

 

0 Likes Likes
  • 9127 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks