PBF with Dual ISP. Once Enabled GlobalProtect Clients no longer can connect.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

PBF with Dual ISP. Once Enabled GlobalProtect Clients no longer can connect.

L0 Member

We have setup a PBF to route traffic to a new ISP link we have in case our primary fails.  

 

Both ISP interfaces are in one virtual router.

 

Once we change the default route to the Backup ISP and enable the PBF to forward all traffic to the Primary unless it fails, users can no longer connect to our GlobalProtect portal with the GlobalProtect client.

 

I know it is because of the new default route pointing at the secondary ISP, but is there a route I can create to fix?

 

 

3 REPLIES 3

L6 Presenter

Hi,

 

create 2 virtual routers with 2 seperate default gateways.That will be better. you can then create 2 different global protect 1 for main,1 for second isp.your Lan and isp1 will be at default, your isp2 will be at new virtual router.Then you will also add a LAN- next vr default vr route at new virtual router.

 

you can use pbf for main with monitor and 2nd pbf rule will route clients to isp2

 

 

Regards

 

Cyber Elite
Cyber Elite

@blohrer,

Unless you are advertizing the same range with both ISPs then I would do exactly what @panos is recommending. 

L0 Member

The only thing I have tried as of yet, is to move the Global Protect Gateway and Portal to the ISP two connection.  When I did this, the clients could successfully connect.  The only problem I had at that point was that once connected, the users could not access the local network.

 

The VPN is used by a small number of users.  The second ISP is only used to roll over for outbound access for internal users.

 

Is there a routing issue I am missing to allow the VPN to work on the second ISP?

  • 4056 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!