Saturday, May 9, 2020

GlobalProtect VPN with two ISPs

I’ve got a pair of HA 5250 Palo Alto firewalls that connect to a set of IRF-linked HP outside routers and then to our ISPs. We have two that are the same size pipe, and one router connects to one CPE and the other data center to another. We let it free flow with BGP and it’s been working pretty well the last 8 months.

The issue I’m noticing is that when I drop out one of our ISPs for maintenance, the VPN client using that ISP doesn’t notice it went down and users can’t connect to our resources. Is there an easy way of link monitoring, or a setting within the PA, that I can use between the outside router (which would know the CPE is down) and the firewall to force the client to reconnect?


