Global Protect with Second ISP which not have a default route to internet

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

Global Protect with Second ISP which not have a default route to internet

L1 Bithead

The issue is due to the static route of is through the First ISP. Tried to add the PBF but still the same behavior even with symmetric return


Any advise ? Know the option if another Virtual router , but with one single VR , is there any way ?



L1 Bithead

Well this look little challenging but I am guessing you are trying route GP traffic via second ISP. Did you try with PAT for second ISP?


let's say your GP source subnet is, and Zone is GP


Your PAT -

Source GP Zone /

Destination Outside Zone / Public IP


Same for Security Policy rule for accepted outbound traffic 


Hi @sambhusarath ,

Can you share your PBF configuration?

Following link describe setup similar to what you want to achieve -

As you can see PBF with Enforce Symmetric return should provide you with required result - return the replies from GP via secondary ISP.


So I am assuming something is not configured properly with your PBF. Try to follow the setups from the link and if still not working we can try to troubleshoot.

  • 2 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!