How to prefer 1 ISP for one application

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

How to prefer 1 ISP for one application

L4 Transporter

I got why huge traffic is coming to port 3978.Application is identified as Panorama.
Its hge Gbs of traffic in one session.
The source IP is firewall management Ip and destination is Panorama IP.

But why i need to kill this session means, we have a setup of 2 ISPs. We prefere this traffic should go through 1 ISP only one ISP.

Tht we accomplish through PBF ruless to 1 ISP.we use port in PBF. However there are 2 issues in this:


1) As per PBF session, first few packets will go thorgh normal routing table and wont take PBF. untill the aplication identified. in this case as it is Panorama traffc it is never ending traffic.
So this stayes at 1 ISP only( Not the ISP we define in PBF) . We have to manually kill Session an then next sessio will take 2 nd ISP.

2) another scenarion, lets assume my 1st ISP down, then panorama traffic will take 2nd ISP( non prefereed). But even if 1st ISP came up also, as panorama is never ending session, it will continue on 2 nd ISP untll we clear manually.

Can any one have suggestions on this.

PCNSE-7, ACE-6,ACE 7 , CCNP, CCNA,CCIE(theory) , RHCE
Firewalldog dot com
2 REPLIES 2

Cyber Elite
Cyber Elite

Hi

 

Unfortunately i don't think there's an easy fix as the backend connection to panorama is kept open continuously

You could try setting a static route for a single IP instead of the PBF policy for this specific issue

 

One bit of good new may be that the traffic to panorama should not be that big: when the session ends the today bytecount is added for the complete duration of the single session, which could be weeks to even months of data all added into 1 bytecount. if you do see excessive bandwidth usage, you can opt to tone down log forwarding to only the critical logs

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

L1 Bithead

Two suggestions:  First, don't use application as a matching criteria in PBF.  As you indicated, it needs to look at some packets before it determines the application, by which time it's too late.  Instead, just use source & destination.

 

Second, if the fix above works, then your traffic monitoring rule should see that the ISP is down and automatically switch to the second ISP.

  • 1497 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!