No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Customer need to add 3rd ISP Link on AR Gateway but he don't have available ports on AR , so he need to add one more ISP link on the firewall

Publication Date:  2019-07-19 Views:  347 Downloads:  0

Issue Description

Customer need to add 3rd ISP Link on AR Gateway but he don't have available ports on AR , so he need to add the 3rd ISP link on the firewall to allow specific Subnet on His WLAN Network to access through the New ISP link , accordingly we added Configuration  on the FW to allow One Subnet of WLAN Users to access this New ISP Link on Firewall

Alarm Information


Handling Process

1- Check the configuration on the All Down stream devices of the FW to confirm that the WLAN Subnet 24 /Vlan41 can reach normally to firewall

Root Cause

New Solution


1.      Configure the interface that connect to ISP 3;

2.      Configure the NAT policy;

3.      Configure the PBR.

X.X.X.X is the ISP IP you will take form Servicer provide on the FW side

Y.Y.Y.Y is the Next hop ISP IP at Service provider Side .

Interface GigabitEthernet1/0/8  is one of free interfaces on FW I Used to make a Simulation as Interface which will connects to 3rd ISP Link .


interface GigabitEthernet1/0/8

undo shutdown

ip address x.x.x.x


firewall zone untrust

add interface GigabitEthernet1/0/8



  rule name policy_nat1

    source-zone trust

    destination-zone untrust 

    source-address 24  

    action nat easy-ip


ip-link check enable

ip-link name pbr_1

  destination y.y.y.y interface GigabitEthernet 1/0/8



rule name pbr_1

  description pbr_1

  source-zone trust

  source-address 24

  track ip-link pbr_1

  action pbr next-hop y.y.y.y




1- check first the configuration Specific Subnet and VLAN for Users on the Access controller 

2- Check on the DHCP Server device for the Users if Subnet is correctly configured + Vlan configuration "Core switch on our Example"

3- Configure PBR to match the source subnet Requirements as desciped on The full solution