Global Protect with Second ISP which does not have a default route to internet


The issue is due to the static route of 0.0.0.0 being through the first ISP. Tried to add the PBF, but still the same behavior, even with symmetric return.

Any advice? I know the option of another virtual router, but with one single VR, is there any way?

 

4 REPLIES

L1 Bithead

Well, this looks a little challenging, but I am guessing you are trying to route GP traffic via the second ISP. Did you try with PAT for the second ISP?

Let's say your GP source subnet is 192.168.10.0/24, and the zone is GP.

 

Your PAT -

Source GP Zone / 192.168.10.0/24

Destination Outside Zone / Public IP

 

Same for Security Policy rule for accepted outbound traffic 

 

Hi,

Can you share your PBF configuration?

The following link describes a setup similar to what you want to achieve - https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClF5CAK

As you can see, PBF with Enforce Symmetric Return should provide you with the required result - return the replies from GP via the secondary ISP.

So I am assuming something is not configured properly with your PBF. Try to follow the setups from the link, and if it is still not working, we can try to troubleshoot.

Can you reshare this KB?

Cyber Elite

Hello,

If you have two ISPs and just want failover, use PBF for the primary with the policy to shut down if the path is not detected. Then the default route points to the second ISP.

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PLL8CAO

Regards,
