05-22-2023 05:34 PM
Is it possible to redirect websites to route to our secondary data centre rather than our primary?
There is a PA850 at each of the sites, but for some reason our main data centre is being 403 Forbidden blocked, or being blocked for being behind a "vpn" which it isn't.
Basically I just want to set it up so if people go to www.example.com it will redirect to our secondary data center and exit via that PA's ISP link.
05-23-2023 09:14 AM
Yes, but 'how' will depend greatly on how both datacenters are connected and where www.example.com is hosted.
You can use policy-based forwarding to redirect the connection to site B, for example, and then on site B rely on regular routing and NAT to get to the site. It may require you to build a site-to-site tunnel if you don't have an interconnection yet.
05-23-2023 03:56 PM
The datacentres are linked via MPLS and the core switches can see each other via BGP.
I tried to use PBF but most of these sites are using something like AWS where they have multiple IP addresses, and I couldn't seem to find a way to get the PA to use a URL rather than an IP address.
However, I wasn't able to forward any traffic even when using an IP address. This is the first time I've tried to do any policy-based forwarding.
05-24-2023 05:18 AM
You can't do routing based on URL.
You can do it using FQDN address objects.
If you did test using an IP in PBF:
Did traffic reach the DR firewall?
What do the logs show? Was NAT applied to outgoing traffic?
Were there return packets on the DR firewall? What about the HQ firewall?
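
A sketch of the FQDN-object approach suggested in the reply above, added as an illustration and not part of any post in this thread. The object name, rule name, zone, interface and next-hop address are all placeholders, and lines starting with `#` are annotations rather than commands:

```text
# Constructed example for the primary-site firewall; every name and address is a placeholder.

# Configuration mode: FQDN address object, resolved by the firewall through DNS
set address www-example-fqdn fqdn www.example.com

# PBF rule matching inside-zone traffic to that object
set rulebase pbf rules www-example-via-dr from zone trust
set rulebase pbf rules www-example-via-dr source any
set rulebase pbf rules www-example-via-dr destination www-example-fqdn
set rulebase pbf rules www-example-via-dr service any
set rulebase pbf rules www-example-via-dr application any
set rulebase pbf rules www-example-via-dr source-user any

# Forward out the interface facing the MPLS link toward the secondary site
set rulebase pbf rules www-example-via-dr action forward egress-interface ethernet1/3
set rulebase pbf rules www-example-via-dr action forward nexthop ip-address 192.0.2.1
commit

# Operational mode: confirm the object resolved and the rule is loaded
request system fqdn show
show pbf rule all
```

The secondary-site firewall still needs a security policy and source NAT for this traffic on its ISP link, plus a route back to the original source network over the MPLS, which is what the questions about NAT and return packets in the reply are checking.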