This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

PBF and failover

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

PBF and failover

Go to solution
ClintL
L2 Linker

‎11-07-2014 04:04 PM

Hello all,

I had a question regarding PBF and how the failover works.

I have Internet circuit A and Internet circuit B, each through a different ISP.  All traffic and VPN tunnels go through circuit A.  I create a PBF rule to route web-browsing and ssl traffic only (using application-default) through circuit B.  It is my understanding that failover occurs when it cannot ping the gateway or whatever IP address you specify.  My question is, with my current scenario, which circuit is it using to initiate the ping?  Say it uses circuit A to initiate the ping and that circuit fails.  Wouldn't it try and failover the circuit even though circuit B is still up?  Keep in mind that you cannot create a PBF rule for the ping application as far as I know.

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
hshah
L6 Presenter

‎11-07-2014 07:12 PM

Hi ClintL,

It takes egress interface of PBF rule. In this case its Circuit Bs Egress interface. Kindly refer following diagram.

Where is Policy Based Forwarding (PBF) Monitoring Traffic Sourced From?

Regards,

Hardik Shah

View solution in original post

0 Likes Likes
3 REPLIES 3

Go to solution
HULK
L7 Applicator

‎11-07-2014 05:12 PM

Hello ClintL ,

Could you please go through this DOC, it might give you the detail working flow for PBF with failover: How to Configure ISP Redundancy and Load Balancing

Thanks

Go to solution
ssharma
L5 Sessionator

‎11-07-2014 05:30 PM

Hi Clint,

It will use Circuit B to ping the address you specify. Once the address is not reachable it will fail back to Circuit A and your web-browsing and ssl traffic will also route through Circuit A.

Also when you define PBF, I would suggest configuring it using just the destination port 80 and 443 and not web-browsing and ssl, as application recognization will take few packets back and forth. Hope this helps. Thank you.

Go to solution
hshah
L6 Presenter

‎11-07-2014 07:12 PM

Hi ClintL,

It takes egress interface of PBF rule. In this case its Circuit Bs Egress interface. Kindly refer following diagram.

Where is Policy Based Forwarding (PBF) Monitoring Traffic Sourced From?

Regards,

Hardik Shah

0 Likes Likes
  • 1 accepted solution
  • 3526 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks