Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
05-12-2011 10:41 AM
@bwilliams2:
You can certainly have two active ISP connections and route traffic to each ISP using Policy Based Forwarding and/or dynamic routing protocols.
What are you hoping to accomplish with your two ISP setup?
-Benjamin
05-12-2011 10:41 AM
@bwilliams2:
You can certainly have two active ISP connections and route traffic to each ISP using Policy Based Forwarding and/or dynamic routing protocols.
What are you hoping to accomplish with your two ISP setup?
-Benjamin
05-12-2011 11:50 AM
Will you be setup on BGP multihoming or will you just have two 0.0.0.0/0 routes?
05-12-2011 12:23 PM
@bpappas:
The goal is to ensure we are "always" connected. With the shift to the cloud we do not want to limit our connection to one ISP.
@cityofkindsland
I am not sure about the routing at this point. I think I am going to push for a failover connection as apposed to an active-active connection. I am hoping to find an ISP that will allow us to use them on a retainer basis and only pay full price when we reach X amount of data or something along though lines.
Thanks.
05-12-2011 12:30 PM
failover is a great way to go! cost savings are great compared to paying for another full service line.
to do this you will go to your virtual router, enter in a 0.0.0.0/0 route out to your failover line with a higher administrative distance than that of your existing link (which should be already set to be 1)
This tells the router use the primary link until it it no longer reachable, after that link goes down use backup link.
Good Luck, let me know if you need anymore help configuing this!
09-07-2011 08:54 AM
The plan now is move forward with dual ISP's and have both active and load balanced.
Is it possible to load balance outgoing connections?
09-07-2011 09:35 AM
Currently there is no way to load balance outgoing connections.
You can use PBF for failover but nothing more.
09-07-2011 09:41 AM
I think with PBF you can only load-balance manually, e.g. choose which (apps/source/destinations) to send via which route. We looked into this in the past and realized that to do this properly you need another device, like an F5 box.
09-07-2011 10:52 PM
Proper load balancing would require ECMP or per-packet/per-flow load balancing. PAN does not support that at this time. So that means unless you want to use PBF to selectively route traffic over one link or the other, you cannot utilize both ISP links at same time.
-Richard
11-05-2015 06:41 PM
Helo rkim...
Is is still not possible to implement dynamic load balancing with PAN? What about ECMP in PAN OS 7.0.3?
Even when Palo Alto Networks is a visibly higher security solution, many of our competitors offers load balancing and fault tolerance with their NGF boxes.
Best Regards
11-06-2015 01:23 AM
Hi,
As of PanOS 7.0, ECMP is indeed supported :
Regards,
-Kim.
09-06-2017 03:30 AM
ECMP in OS 8 is good with path monitoring that can monitor heartbeat of multiple link .
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
