Thursday, February 4, 2021

Palo Alto, PBF and NAT?

Hi all,

I'm currently setting up a location with dual ISPs for redundancy's sake and as such I've gone down the route of utilising PBF for failover, but I'm having what I believe are NAT issues.

Currently, with PBF, traffic goes from Eth1/2 to Eth1/1 which is inside to outside. All is well.

When I fail over to let my routing table take over, outside traffic is supposed to leave through Eth1/4 but I believe it's still NATing traffic through Eth1/2; if I remove the NAT rule from Eth1/1 to Eth1/2, traffic starts flowing as intended through Eth1/4.

I feel like I'm missing a step, but the documentation on Palo Alto's website is quite straightforward: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/policy/policy-based-forwarding/use-case-pbf-for-outbound-access-with-dual-isps.html

Has anyone run into this issue before and could possibly help?

Many thanks.

Edit: To add, this is all on the same virtual router.


