static route with path monitor down not removing BGP route

L1 Bithead

Hello,

I am having issues trying to get failover set up between vendor routers. We have vendor-provided routers at our hub site and at one of our branch sites. We would like the traffic to be routed to the branch vendor router in the event the hub vendor router is offline. I have set up a static route on the hub firewall to the hub vendor router with path monitor. I have set up a static route on the branch firewall to the branch vendor router with no path monitor and the administrative distance higher than BGP. I have the vendor network prefix set to redistribute on both the hub and the branch in the Panorama SD-WAN devices. The issue I am seeing is that when the hub vendor router is offline, path monitor shows it down but the hub firewall route is still being used. The branch firewall is still trying to use the route to the hub firewall and is not advertising its static route to the hub. There must be something I am missing, but I am not sure where else to look. I have included a generic diagram (vendor-router-failover.jpg).

1 REPLY 1

Community Team Member

Hi @Clint_UICCU,

Are you still experiencing this issue?

On the hub:

Confirm the path monitor on the static route to the hub vendor router is actually causing the route to be removed from the hub's routing table when the vendor router is down. If not, the path monitor itself is not functioning as expected and I would recommend going over that config. When path monitoring fails, the static route should be removed from the routing table. Check the RIB and the FIB to ensure it's not in play anymore.

Verify that if the static route is being removed, the hub's BGP redistribution is correctly withdrawing that route from its BGP advertisements.

On the branch:

Ensure the static route to the branch vendor router is correctly redistributed into BGP. Next, verify that the BGP export policy on the branch firewall permits the advertisement of this static route to the hub, and make sure your higher AD is committed successfully.

This should point you in the right direction in figuring out where exactly this process is failing.

LIVEcommunity team member
Stay Secure,
Jay