03-24-2023 11:10 AM
Greetings,
Looking for some assistance with the scenario below; keep in mind I do not have or wish to have SD-WAN.
1. ISP1 services the inside and outside connections
2. ISP2 acts as a VPN portal for external staff to connect to the inside and route to ISP1
The problem.
I would like to force some of my inside servers (mainly backing up to the cloud) to use the outgoing connection of ISP2.
I have a /29 address space for ISP1.
I'm thinking more along the lines of PBR; however, I'm not sure if this is achievable.
03-24-2023 11:48 AM
With static routes in the virtual router you can only route based on destination IP.
If you need to make a decision based on source IP/Zone then yes, PBF is your best option.
03-24-2023 05:58 PM
Thank you very much for your response. I was wondering if PBR would require me to create a separate Virtual Router? Seeing I'm only allowed to have one 0.0.0.0/0 route, I was thinking if I create another Virtual Router I could point that 0-Route to the interface of my secondary ISP?
03-24-2023 06:22 PM - edited 03-24-2023 06:23 PM
When Palo needs to check the route for where to send traffic, it first checks PBF, and if there is no matching policy then it will fall back to the virtual router.
PBF policies take precedence over the virtual router.
PBF and the virtual router are not in any way paired together.
Just create a PBF policy to route specific traffic over ISP2 and you are done.
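
The lookup order described in the reply above, modelled as an added example that is not part of the original thread and is not PAN-OS configuration: PBF rules are checked first and can match on source, and only unmatched traffic falls through to the virtual router's destination-based routes. The rule fields, prefixes and interface labels are assumptions made up for illustration; the `exclude_dst` field shows why a source-based rule should be scoped so that internal destinations are still routed by the virtual router.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class PbfRule:                      # hypothetical model, not PAN-OS syntax
    name: str
    source: str                     # source prefix the rule matches
    egress: str                     # interface traffic is forwarded out of
    exclude_dst: list = field(default_factory=list)  # destinations left to the VR

# Constructed sample data: prefixes and interface labels are illustrative.
PBF_RULES = [PbfRule("backup-via-isp2", "10.0.10.0/28", "isp2",
                     exclude_dst=["10.0.0.0/16"])]
VR_ROUTES = {"0.0.0.0/0": "isp1", "10.0.0.0/16": "inside"}

def select_egress(src, dst, pbf_rules=PBF_RULES, routes=VR_ROUTES):
    """Return (egress, reason): PBF first match, else virtual-router lookup."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Step 1: PBF rules, top down, can match on source.
    for rule in pbf_rules:
        excluded = any(dst_ip in ipaddress.ip_network(n) for n in rule.exclude_dst)
        if src_ip in ipaddress.ip_network(rule.source) and not excluded:
            return rule.egress, "pbf:" + rule.name
    # Step 2: no PBF match, so the virtual router decides on destination only
    # (longest matching prefix wins).
    matches = [ipaddress.ip_network(p) for p in routes
               if dst_ip in ipaddress.ip_network(p)]
    if not matches:
        return None, "no-route"
    best = max(matches, key=lambda n: n.prefixlen)
    return routes[str(best)], "vr:" + str(best)

if __name__ == "__main__":
    for src, dst in [("10.0.10.5", "203.0.113.50"),   # backup server to cloud
                     ("10.0.20.7", "203.0.113.50"),   # other inside host
                     ("10.0.10.5", "10.0.20.7")]:     # backup server, internal
        print(src, "->", dst, select_egress(src, dst))
```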