Having an issue where we implemented PBF for dual ISPs on an HA pair that already had inbound NATs configured.
When we did this the inbound NATs broke and I found this article:https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClzeCAC which basically said to remove the interface from the PBF specific route which I did but that made no difference. In the end I had to disable 'Spoofed IP address' from the outside zone protection profile to get it working again.
Does anyone know why you can't have PBF, inbound NAT's and spoof protection enabled?
Pray tell how its handled by routing without running BGP between our multitude of carriers? And what is PBF if not routing?
Besides here is one of many PA articles outlining how to configure DUAL ISPs with failover using PBF: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/policy/policy-based-forwarding/use-case-pb...
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!