Policy based Forwarding with Palo Alto Firewalls
In this blog post, I would like to share how easy it is to move the failover routing decision making process from your internet edge routers to your awesome Palo Alto Firewall(s). Of course they are situations where it can be useful, especially when a company decides to use dual basic broadband connections for a super small micro remote office where the service provider only hands you static point to point public IPs. Lets get down straight to the configuration (Woof) : Policies > Policy Based Forwarding > Add As per any firewall policy, all policies are read top down the 1st policy should be for your most preferred link and your backup link policy must be configured just after it. Name: Give your policy a name Tags : Optional attribute to quickly find stuff when troubleshooting Zone/Interface : Incoming source packet zone(s) Address : Is this for a specific IP / if using PAT then (any) should suffice Destina...