Hello, GlobalProtect with 2 ISPs requires 2 Virtual Routers. On each Virtual Router you will have one Default Route (not 2). You will need to configure 2 portals, 2 gateways, both pointing to the same Zone. You will also need to configure routes from the Secondary VR to your local Trust Interfaces, and all other networks that will terminate on VR1. You will need to create Primary PBF rules from any local Zone and Negate local Destination Addresses and forward to VR Egress Interface IP, and the same for the Secondary ISP (PBF), and enforce symmetric return. You will need to create 1 NAT for ISP1 allowing local zones to get out, and the same for the Secondary ISP. After that you can configure external DNS pointing to vpn.mycompany.com ISP1 and vpn2.mycompany.com ISP2. Both of them will be active all the time. You will be able to choose which portal you would like to connect to. All local traffic will fail over between VRs and you don't need to create any extra Security policy since all zones are the same. I have deployed this scenario multiple times and it works really well.