01-06-2021 09:38 AM
HQ Network and Remote Network location are always through MPLS
PBF is configured with path monitoring for forwarding via MPLS and if mpls fails
traffic will be through ipsec_1 tunnel according to pbf created in palo alto.
How to configure in palo alto if both ipsec1 and mpls down so that traffic should pass through ipsec_2
01-07-2021 04:28 PM
yes
the pbf rules can be set sequentially and will each perform monitoring to verify if they should be active, as long as 1 is active, 2 will not be hit, when 1's monitor fails 2 takes over and 3 will not be hit, as soon as 2's monitor fails it too will stop functioning and 3 will take over as last resort
lastly you can still resort to a static route
01-07-2021 05:49 AM - edited 01-07-2021 05:51 AM
adding another PBF should do the trick (if the first bpf is set to a path monitor profile with fail-over as the action)
01-07-2021 06:02 AM
Create a PBF for MPLS and configure the monitor failover
create a PBF for IPSEC-1 and configure the monitor failover
then create PBF for IPSEC-2. (in this case, if mpls link and IPsec-1 link down then traffic will fail back to ipsec-2 )
Is it right ?
01-07-2021 04:28 PM
yes
the pbf rules can be set sequentially and will each perform monitoring to verify if they should be active, as long as 1 is active, 2 will not be hit, when 1's monitor fails 2 takes over and 3 will not be hit, as soon as 2's monitor fails it too will stop functioning and 3 will take over as last resort
lastly you can still resort to a static route
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
