05-08-2023 05:00 AM
We have total 3 Interface , two ISP interface ( In router we have made them to act as Primary and Secondary) and one trust interface , now the confusion is I am trying to make if both ISP interface goes down , I need to make my trust interface also to goes down automatically by some monitoring feature. Is it possible to do that in Palo-Alto
05-09-2023 08:17 AM
Do you use a routing protocol like BGP or OSPF? If you use a standard Layer3/Layer2 interface and need to actually bring the interface down I think you'd have to script this check instead of being able to have the firewall do this itself.
05-09-2023 09:33 AM
Thanks for the response. No we are using static routes only. and we are using layer3 as interface. Don't we have interface monitoring functionality in Palo-Alto.
05-11-2023 12:35 PM
You certainly have link and path monitoring functionality, but that's more of a failover consideration. The firewall isn't going to shutdown an interface due to link monitoring or path monitoring on the route itself. It would either trigger a HA failover or remove the route, not shutdown the interface.
05-15-2023 10:15 PM
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!