03-17-2020 12:45 PM - edited 03-22-2020 03:03 PM
Hello,
we have 2 palo 850 with 2 isp:
primary 1.1.1.1/28
backup 2.2.2.2/28
most of the zones navigate with the primary and few with the backup
We have a failover to the backup in case the primary isp goes down.
We have globalprotect portal and gateway with a loopback interface all on the primary (1.1.1.5/32) vpn.domain.it
This days we are all smartworking because of the global pandemie ,conected via the global protect client .
Our concern is that if the primary isp goes down we have to suspend our smartworking because we can not connect anymore .I read the discussions and documentation on multiple isp globalprotect configuration faillover and all talk about configuring 2 VR and i must say that they are too complicated for my level of knowledge and i don't want to mess up the actual working configuration.
In order to solve the problem i tryed to clone the portal gateway and loopback on the backup isp(2.2.2.5/32)vpn2.domain.it, but it doesn't work. I see the requests in allow but aged-out. Where am i wrong? Is it possible to have a seccond globalprotect vpn gateway?
