I was thinking about the PBF option as well, but as you stated it is actually for the vice versa option, as you can only specify one default gateway for the client in the "trust" zone. Just thinking how the client is going to change a DG if one link is failing. No VRRP option available or possible here 🙂 One device, so not much we can do. Thinking about this:
But I am not very familiar with this protocol and if it works in Layer 3 with one IP, so I cannot comment much.
Depends on what you are looking for:
- Use Policy Based Routing: Active/Passive or Active/Active - and you choose which traffic goes on which link
- Use Link Layer Distribution Protocol - acts like load balancing by defining two routes with the same weight
You don't need to set a default gateway for the internal subnets; a simple subnet route will suffice: Policy Based Forwarding bypasses route lookups when it is active for a session.
From the perspective of the PBF configuration, the public side can be treated as the local network and the 2 routes as the dual-ISP:
- set a PBF with monitor pointed at the primary link
- set a normal route to the secondary link
Since NAT rules are zone based, you can set the external zone to zone1 and the 2 internal interfaces to zone2; that way your NAT rule will always apply, regardless of the internal interface in use.
Then have PBF route traffic to the primary link if the monitor is up, and a static route be backup for the secondary link if the PBF monitor fails.
- During the failover from the primary interface to the backup, existing sessions will fail out due to them being bound to the interfaces, but the new sessions will simply pick up as expected, using the same NAT rule
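
Added example, not part of the original thread and not PAN-OS configuration: a simplified Python model of the forwarding decision described in the reply above (PBF with a monitor in front of a static route, one zone-based NAT rule). The interface names are constructed; zone1 and zone2 follow the reply's naming.

```python
from dataclasses import dataclass, field

# Constructed interface names; zone1/zone2 follow the naming used in the reply above.
ZONES = {"ethernet1/1": "zone1",   # external side
         "ethernet1/2": "zone2",   # primary internal link
         "ethernet1/3": "zone2"}   # secondary internal link

@dataclass
class Firewall:
    pbf_egress: str = "ethernet1/2"     # PBF rule forwards here while its monitor is up
    route_egress: str = "ethernet1/3"   # plain static route, used when PBF is disabled
    zones: dict = field(default_factory=lambda: dict(ZONES))
    monitor_up: bool = True
    sessions: dict = field(default_factory=dict)  # session id -> bound egress interface

    def pick_egress(self):
        # An active PBF rule is applied instead of the route lookup.
        return self.pbf_egress if self.monitor_up else self.route_egress

    def nat_matches(self, ingress, egress):
        # The NAT rule is keyed on zones, not on individual interfaces.
        return self.zones[ingress] == "zone1" and self.zones[egress] == "zone2"

    def open_session(self, sid, ingress="ethernet1/1"):
        egress = self.pick_egress()
        self.sessions[sid] = egress
        return egress, self.nat_matches(ingress, egress)

    def primary_monitor_fails(self):
        # Sessions stay bound to the interface they were created on, so they are lost.
        self.monitor_up = False
        lost = sorted(s for s, e in self.sessions.items() if e == self.pbf_egress)
        for s in lost:
            del self.sessions[s]
        return lost

def demo():
    fw = Firewall()
    before = fw.open_session("s1")      # monitor up: PBF picks the primary link
    lost = fw.primary_monitor_fails()   # existing session on the primary is dropped
    after = fw.open_session("s2")       # new session follows the static route
    return before, lost, after

if __name__ == "__main__":
    print(demo())
```

Moving one internal interface into a different zone in `zones` makes `nat_matches` return False after failover, which is the case the single-zone layout avoids.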