The customer has added an extra ISP router, and I need to route a certain subnet through it for internet. The problem is that the default route 0.0.0.0/0 already routes internet through the old outside interface. How do I route the specific inside subnet to the internet through the second outside interface?
You can set up policy-based forwarding to direct a certain subnet to the second router.
@chuckles Here is a very nice article explaining how to set it up:
That article is complicated and also not my goal, as I don't want a primary and secondary ISP; I want a certain subnet to use a second ISP. Do I do that by policy forwarding on the Palo Alto? Do I create a rule with the inside subnet as source and destination as any, then set the egress interface to the second ISP outside interface and the second hop as the ISP router public IP, which is directly connected?
Will I need to NAT ("PAT") from inside to outside with the second outside interface? Will I need a security rule as well from inside to the second outside interface? Please help.
You won't need PAT (unless there is a specific application).
You almost certainly will need an outbound NAT though.
You will need a matching security rule.
On the PBF just:
- Set the source address and zone to match the required internal subnet.
- Set the destination as any.
- Set the application as any (unless you only want certain traffic to go out this way).
- Set the egress interface on the new service with the next hop as the outside router.
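
The PBF rule and matching security rule described in this answer, written out as PAN-OS configuration-mode `set` commands; this is an added example, not part of the original thread. The rule names, zone names (`inside`, `outside-isp2`), interface `ethernet1/3`, subnet 10.20.30.0/24 and next hop 198.51.100.1 are assumed placeholder values, and the command paths are an assumption that can differ between PAN-OS versions and on multi-vsys systems.

```text
# Lines starting with '#' are annotations, not CLI input.
# All names and addresses are constructed placeholders (assumptions).

# Policy Based Forwarding rule: match only the chosen inside subnet and
# forward it out the second ISP interface to the directly connected router.
set rulebase pbf rules PBF-to-ISP2 from zone inside
set rulebase pbf rules PBF-to-ISP2 source 10.20.30.0/24
set rulebase pbf rules PBF-to-ISP2 destination any
set rulebase pbf rules PBF-to-ISP2 application any
set rulebase pbf rules PBF-to-ISP2 service any
set rulebase pbf rules PBF-to-ISP2 action forward egress-interface ethernet1/3
set rulebase pbf rules PBF-to-ISP2 action forward nexthop ip-address 198.51.100.1

# Matching security rule: source limited to the same subnet, destination
# zone is the zone of the second ISP interface, sessions logged at end.
set rulebase security rules Allow-Subnet-ISP2 from inside
set rulebase security rules Allow-Subnet-ISP2 to outside-isp2
set rulebase security rules Allow-Subnet-ISP2 source 10.20.30.0/24
set rulebase security rules Allow-Subnet-ISP2 destination any
set rulebase security rules Allow-Subnet-ISP2 application any
set rulebase security rules Allow-Subnet-ISP2 service application-default
set rulebase security rules Allow-Subnet-ISP2 action allow
set rulebase security rules Allow-Subnet-ISP2 log-end yes

# The outbound NAT rule mentioned in the answer would use the same match
# (from inside, to outside-isp2, source 10.20.30.0/24). It is not shown
# because the translation type depends on the addresses the second ISP
# provides.
```

Keeping the PBF source to the single subnet leaves all other inside traffic on the existing 0.0.0.0/0 default route, and the traffic log for the security rule shows which sessions actually left through the second interface.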