Monitor multiple IPs in a PBF rule?

L2 Linker

Monitor multiple IPs in a PBF rule?

Running 8.0.x on our PA-3020 and PA-220 systems. 


In our virtual routers, we can path monitor with multiple IP addresses and take action on AND or OR conditions, but PBF still seems to be limited to a single IP. I'd love to be able to monitor multiple IPs in a PBF rule. Is this possible, is it coming, or is there a workaround?





Cyber Elite


As for a workaround, we would probbly need to know what you are trying to achieve. I solve most of my routing issues with dynamic routing and weighted routes.



L2 Linker

Good point. Here's what's going on. 


We have two ISPs, one primary and one failover (ECMP is a disucssion for another day). We do the failover in the virtual router using weighted routes, where we monitor the primary connection using path monitor with several IPs to make sure that if connectivity to just one of those IPs (even if it's anycast or similar) goes down, we don't failover. 


As it turns out, our slower, secondary ISP is more reliable than our faster primary ISP. We want to send our SIP VoIP traffic over slower backup ISP.  By making a PBF rule I get all sorts of control over the zone, protocols, addresses, etc.. and can send the SIP traffic over the backup ISP. As it turns out, at the moment, we're just using a destination address group, not protocols. I was consdering switching the PBF rule to be based on source address and protocol so that if the SIP provider decides to update its IPs without telling me, or if I miss the notificaiton, I don't have to adjust anything. 


The SIP provider has four IP addresses currently. I imagine I could put those four as static rules in the virtual router and then use path monitroing for each one of them, but would really just prefer to use the PBF rule with more than one monitored IP address so that we get a little redunancy in checking if the connection is up like we would with path monitoring in a static route.


Any suggestions are welcome :-)

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!