We would like implement multiple active ISP's. There would be two ISP with each being a different provider.
It appears you can have a redundant setup with multiple ISP, but can you have two active?
Solved! Go to Solution.
The goal is to ensure we are "always" connected. With the shift to the cloud we do not want to limit our connection to one ISP.
I am not sure about the routing at this point. I think I am going to push for a failover connection as apposed to an active-active connection. I am hoping to find an ISP that will allow us to use them on a retainer basis and only pay full price when we reach X amount of data or something along though lines.
failover is a great way to go! cost savings are great compared to paying for another full service line.
to do this you will go to your virtual router, enter in a 0.0.0.0/0 route out to your failover line with a higher administrative distance than that of your existing link (which should be already set to be 1)
This tells the router use the primary link until it it no longer reachable, after that link goes down use backup link.
Good Luck, let me know if you need anymore help configuing this!
I think with PBF you can only load-balance manually, e.g. choose which (apps/source/destinations) to send via which route. We looked into this in the past and realized that to do this properly you need another device, like an F5 box.
Proper load balancing would require ECMP or per-packet/per-flow load balancing. PAN does not support that at this time. So that means unless you want to use PBF to selectively route traffic over one link or the other, you cannot utilize both ISP links at same time.
Is is still not possible to implement dynamic load balancing with PAN? What about ECMP in PAN OS 7.0.3?
Even when Palo Alto Networks is a visibly higher security solution, many of our competitors offers load balancing and fault tolerance with their NGF boxes.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!