Thank you for the video.
I have a query.
I have a default route pointing to WAN1 and I wanted to introduce one more ISP for a specific LAN segment.
I'll be creating a PBR matching source and WAN2 interface.
Do I need to give one more default route pointing to WAN2 with a higher AD value?
Thanks in advance.
If you want to route some specific traffic from any source network via WAN2, then PBR will work. For redundancy you can have a primary default route from WAN1 and a secondary default from WAN2.
@sumitnick4
Thank you so much for the kind help and quick response.
Hi brother, we have two WAN links load balancing firewall traffic. Recently one of our ISPs got an issue with udp_41700. Right now I have created a PBR so that certain UDP traffic is passed to WAN1 instead of WAN2. My question: if the WAN1 link is down, how does the UDP traffic pass the firewall? Does it go to WAN2?
The PBR will force the firewall to check the PBR routes before the configured static/dynamic routes. If any of your ISPs fails (e.g. gateway unreachable), that will not cause this route to go inactive. Hence any traffic matching the criteria will still use the route where, let's say, the ISP has an issue. It is only when the interface where the ISP is configured is down that the route goes inactive. So my suggestion is to monitor the link health to activate/deactivate the routes, if you are looking for automated traffic switchover over two ISPs in a preemptive manner. To answer your question: with 1) PBR for link 1 and 2) static/dynamic route for link 2, the traffic will fall back to the static/dynamic route if link 1 is down.
Will it still work if you just use the gateway IP only and exclude the outgoing interface?
Yes, it will.
What about if both networks go to the server? Can we configure it like queuing packets or something?
Traffic queuing is a different concept altogether. PBR helps us take decisions based on pre-route lookup. PBR route lookup also happens in a top-to-bottom manner before route lookup can happen.
Hi! Is the ACL configuration in Cisco ASA the same as the firewall policy configuration in FortiGate?
Yeah, almost the same way! Both are interface-based firewalls, unlike standard zone-based firewalls like SRX/PA/CP.
Hello brother, thanks for the explanation.
But I want to ask one thing: where can I get a virtual firewall machine where I can test my configuration?
For example, Cisco Packet Tracer for testing switches and routers.
Please suggest some open source or paid software for that.
Not aware of any virtual environment. You may try EVE-NG.
What's the difference between static and policy routing?
PBR lookup happens before static route lookup.
Will policy routes function if I don't have static routes? I have a firewall policy.
If you have defined a reachable gateway, then yes, it should work.
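
The lookup order described in the replies above (policy routes checked top to bottom before static/dynamic routes, a route going inactive only when its interface is down, and link-health monitoring to cover an unreachable gateway), as an added Python model that is not code from the video author or from FortiOS. The addresses, interface names, distances and the `monitor` flag are constructed for illustration.

```python
import ipaddress

# Constructed sample config: (source prefix, protocol, dst port, egress interface)
POLICY_ROUTES = [("10.1.0.0/16", "udp", 41700, "wan1")]
# (destination prefix, egress interface, administrative distance)
STATIC_ROUTES = [("0.0.0.0/0", "wan2", 10), ("0.0.0.0/0", "wan1", 20)]

def lookup(pkt, if_up, gw_ok, monitor=False):
    """Return the egress interface for pkt, or None when no route is active."""
    def active(ifname):
        # As stated in the thread: only interface-down deactivates a route,
        # unless link-health monitoring (hypothetical `monitor` flag) is on.
        return if_up[ifname] and (gw_ok[ifname] or not monitor)
    src = ipaddress.ip_address(pkt["src"])
    dst = ipaddress.ip_address(pkt["dst"])
    for prefix, proto, dport, out_if in POLICY_ROUTES:  # top to bottom, first
        if (src in ipaddress.ip_network(prefix) and pkt["proto"] == proto
                and pkt["dport"] == dport and active(out_if)):
            return out_if
    matches = [(-ipaddress.ip_network(p).prefixlen, dist, out_if)
               for p, out_if, dist in STATIC_ROUTES
               if dst in ipaddress.ip_network(p) and active(out_if)]
    # Longest prefix wins, then lowest administrative distance.
    return min(matches)[2] if matches else None

def delivered(pkt, if_up, gw_ok, monitor=False):
    """True only if the chosen egress link can actually reach its gateway."""
    out_if = lookup(pkt, if_up, gw_ok, monitor)
    return out_if is not None and gw_ok[out_if]

# Constructed packets and link states
UDP = {"src": "10.1.5.9", "dst": "203.0.113.7", "proto": "udp", "dport": 41700}
WEB = {"src": "10.1.5.9", "dst": "203.0.113.7", "proto": "tcp", "dport": 443}
ALL_UP = {"wan1": True, "wan2": True}
WAN1_DOWN = {"wan1": False, "wan2": True}

if __name__ == "__main__":
    print("normal:", lookup(UDP, ALL_UP, ALL_UP), lookup(WEB, ALL_UP, ALL_UP))
    print("wan1 interface down:", lookup(UDP, WAN1_DOWN, WAN1_DOWN))
    # Interface up but ISP gateway unreachable: the policy route stays active.
    print("wan1 gateway dead, no monitor:", lookup(UDP, ALL_UP, WAN1_DOWN),
          "delivered =", delivered(UDP, ALL_UP, WAN1_DOWN))
    print("wan1 gateway dead, monitored:", lookup(UDP, ALL_UP, WAN1_DOWN, True),
          "delivered =", delivered(UDP, ALL_UP, WAN1_DOWN, True))
```

The third case is the one to watch operationally: the interface is up, so the policy route keeps matching and the traffic is sent to a dead ISP until health monitoring withdraws the route.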