we have 2 palo 850 with 2 isp:
most of the zones navigate with the primary and few with the backup
We have a failover to the backup in case the primary isp goes down.
We have globalprotect portal and gateway with a loopback interface all on the primary (220.127.116.11/32) vpn.domain.it
This days we are all smartworking because of the global pandemie ,conected via the global protect client .
Our concern is that if the primary isp goes down we have to suspend our smartworking because we can not connect anymore .I read the discussions and documentation on multiple isp globalprotect configuration faillover and all talk about configuring 2 VR and i must say that they are too complicated for my level of knowledge and i don't want to mess up the actual working configuration.
In order to solve the problem i tryed to clone the portal gateway and loopback on the backup isp(18.104.22.168/32)vpn2.domain.it, but it doesn't work. I see the requests in allow but aged-out. Where am i wrong? Is it possible to have a seccond globalprotect vpn gateway?
So after hours of tests i ended up with this problem. I configured and test The solution of using 2 virtual router( i can connect with Globalprotect client) but i have The problem that alll routes are on The first VR so i cant reach my lan. I backend up and restore The configurații with one router but în this case it has 2 0.0.0.0/0 routes for each ISP controlled by metric so i think it only works when The primary ISP goes down. I Reed somethig about dynamic routing and ospf but i cant understand how to make it work.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!