This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies. For details on cookie usage on our site, read our Privacy Policy
Hello All, I have a scenario where I will be having two ISP's (ISP-A and ISP-B) connected to the PA Firewalls via eth1/1 and eth1/2 interfaces. Both these Interfaces will be in the same untrust-zone. ISP-A will be the primary one and ISP-B the backup with some prepends and local preference for incoming and outgoing traffic. However, ISP-B has confirmed that there will be cases where some external users using ISP-B will always prefer to come to Firewalls via ISP-B.This will cause an asymmetric routing where some of the incoming traffic is via ISP-B and outgoing is via ISP-A. Since both Interfaces are in the same-zone some users have confirmed that session will match and traffic won't drop and Palo can handle the return traffic. Has anyone configured similar setup successfully? Are there any gotchas with this kind of setup? If anyone can guide me to a formal Palo Guide would be vaulable too. Thanks AS
... View more