How to configure new ISP to make dual ISPs Active Active on single firewall Palo Alto.

abdulhakam
L2 Linker


Hi All,

How do I configure dual ISPs with both ISPs active at the same time?

Local users can use both ISPs when they are using the Internet.

How is this possible?

PA-200 PAN-OS 8.1.8

Thanks. Please advise.

SureshReddyM
L2 Linker

Hi Abdulhakam,

If you are using BGP (a dynamic routing protocol), you can load-balance across both links with prefix-based IP subnets, with both links live, and you can also use the AS-PATH attribute to provide dynamic redundancy if one link goes down.

Or, if you are using static routes, you can configure multiple static default routes with path monitoring to provide failover if the lowest path fails. Here you can get Active/Active load balancing.

Best Regards,

Suresh

abdulhakam
L2 Linker

Hi Suresh, I think we are using BGP, from what I saw when I checked the virtual router. It has BGP configuration and no static routes. The ISPs are using dynamic IP addresses, on port 1/1. I plan for another ISP to use port 1/2. Can you share details about the configuration? Thanks, Hakam
SutareMayur
L6 Presenter

Hi @abdulhakam,

You can achieve it using ECMP. With this, the firewall will have equal-cost routes to the internet, and it will take one of the routes to pass the traffic. You can also have route monitoring for failover. In case any of the internet links goes down, the firewall will remove its associated route from the FIB. You can refer to the article below for configuration details.

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClF8CAK

Hope it helps!

Mayur S.
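
A simplified model of the ECMP behaviour described in the reply above, added here as an illustration; it is not part of the original thread and is not PAN-OS code. The class and function names are hypothetical, the interface names `ethernet1/1` and `ethernet1/2` are assumed from the ports mentioned in the thread, the addresses are constructed, and the hash over source and destination IP is a stand-in for whichever ECMP algorithm the firewall is configured with.

```python
import hashlib
import ipaddress
from collections import Counter

class VirtualRouter:
    """Toy virtual router holding equal-cost default routes (hypothetical model)."""

    def __init__(self):
        # interface -> {"next_hop": str, "up": bool}; every entry is 0.0.0.0/0, same metric
        self.default_routes = {}

    def add_default_route(self, interface, next_hop):
        self.default_routes[interface] = {"next_hop": next_hop, "up": True}

    def path_monitor_result(self, interface, reachable):
        # A failed monitor withdraws the route, so it no longer appears in the FIB.
        self.default_routes[interface]["up"] = reachable

    def fib(self):
        return sorted(i for i, r in self.default_routes.items() if r["up"])

    def egress_for(self, src_ip, dst_ip):
        """Pick one of the equal-cost paths; the same flow always maps to the same path."""
        paths = self.fib()
        if not paths:
            return None  # no default route left: traffic is dropped
        key = ipaddress.ip_address(src_ip).packed + ipaddress.ip_address(dst_ip).packed
        digest = hashlib.sha256(key).digest()
        return paths[int.from_bytes(digest[:4], "big") % len(paths)]

def build_dual_isp_router():
    vr = VirtualRouter()
    vr.add_default_route("ethernet1/1", "198.51.100.1")  # ISP 1 gateway (constructed)
    vr.add_default_route("ethernet1/2", "203.0.113.1")   # ISP 2 gateway (constructed)
    return vr

def sample_flows():
    # Constructed sample: 50 internal hosts each talking to 4 external servers.
    return [(f"192.168.1.{h}", f"192.0.2.{d}") for h in range(10, 60) for d in range(1, 5)]

def distribution(vr, flows):
    return dict(Counter(vr.egress_for(s, d) for s, d in flows))

if __name__ == "__main__":
    vr, flows = build_dual_isp_router(), sample_flows()
    print("both ISPs up:", distribution(vr, flows))
    vr.path_monitor_result("ethernet1/1", reachable=False)
    print("ISP 1 down  :", distribution(vr, flows))
```

With both paths in the FIB the flows are spread over the two ISPs; once the monitor marks one path down, every flow resolves to the remaining interface.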
abdulhakam
L2 Linker

Hi @SutareMayur,

Thanks for the response.

Is it possible to implement this with both ISPs using dynamic (PPPoE)?

I saw that the link below is using a static IP address.

Thanks
Hakam
