11-25-2022 01:30 AM
The issue is due to the static route of 0.0.0.0 is through the First ISP. Tried to add the PBF but still the same behavior even with symmetric return
Any advise ? Know the option if another Virtual router , but with one single VR , is there any way ?
11-25-2022 06:27 AM
Well this look little challenging but I am guessing you are trying route GP traffic via second ISP. Did you try with PAT for second ISP?
let's say your GP source subnet is 192.168.10.0/24, and Zone is GP
Your PAT -
Source GP Zone / 192.168.10.0/24
Destination Outside Zone / Public IP
Same for Security Policy rule for accepted outbound traffic
11-27-2022 02:09 AM
Hi @${userLoginName} ,
Can you share your PBF configuration?
Following link describe setup similar to what you want to achieve - https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClF5CAK
As you can see PBF with Enforce Symmetric return should provide you with required result - return the replies from GP via secondary ISP.
So I am assuming something is not configured properly with your PBF. Try to follow the setups from the link and if still not working we can try to troubleshoot.
11-26-2024 08:23 AM
Can you reshare this KB ?
11-26-2024 02:51 PM
Hello,
If you have two ISP's and just want failover, use PBF for the primary with the policy to shut down if path not detected. Then the default route points to the second ISP.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PLL8CAO
Regards,
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
