FTD Dual ISP Loadbalancing

Piyush_Sharma
Level 1

Hi,

Please suggest any way to Dual ISP load-balancing on Cisco FTD running Version 6.2.3.3.

19 Replies

Maxim Kraev
Level 1

I use PBR via FlexConfig. But in this scenario I don't have SLA for automatically changing the channel when one of them is down.

Abheesh Kumar
VIP Alumni

Hi,

You can configure Policy Based Routing in FTD with IP SLA. You can load-balance the traffic as per the access list you mentioned in the route-map. By tracking the availability of the next hop you can achieve automatic switching of traffic when one interface is down. With the help of FlexConfig you do the configuration of PBR; the video link below will help you configure PBR in FTD with IP SLA.

https://www.youtube.com/watch?v=MKcSBTJ55e8

HTH

Abheesh
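As an added illustration (not from the video above or from any poster in this thread), here is the ASA-style CLI that the approach amounts to, with constructed placeholder addresses and interface names. On an FMC-managed FTD the SLA monitor, track and tracked-route lines are what FMC deploys from its SLA Monitor objects and static routes; the access-list, route-map and policy-route lines are what a FlexConfig object pushes.

```cisco
! Constructed addresses: ISP1 next hop 203.0.113.1, ISP2 next hop 198.51.100.1,
! inside LAN 192.168.10.0/24, remote site-to-site VPN network 10.200.0.0/16.

! One probe per ISP, each bound to exactly ONE egress interface (referencing a
! monitor from routes on two interfaces triggers the FMC "SLA Monitor requires
! only one interface" error)
sla monitor 10
 type echo protocol ipIcmpEcho 203.0.113.1 interface ISP1
 frequency 10
sla monitor schedule 10 life forever start-time now
sla monitor 20
 type echo protocol ipIcmpEcho 198.51.100.1 interface ISP2
 frequency 10
sla monitor schedule 20 life forever start-time now
track 10 rtr 10 reachability
track 20 rtr 20 reachability

! Tracked default routes: ISP1 is preferred; the ISP2 route takes over only
! when track 10 reports the ISP1 next hop unreachable
route ISP1 0.0.0.0 0.0.0.0 203.0.113.1 1 track 10
route ISP2 0.0.0.0 0.0.0.0 198.51.100.1 254 track 20

! Manual "load balancing": lower half of the LAN exits via ISP1, upper half via
! ISP2. The deny entries keep VPN-bound traffic out of PBR so it follows normal
! routing (and the crypto map) instead of being steered to the other ISP.
access-list PBR_ISP1 extended deny ip 192.168.10.0 255.255.255.128 10.200.0.0 255.255.0.0
access-list PBR_ISP1 extended permit ip 192.168.10.0 255.255.255.128 any
access-list PBR_ISP2 extended deny ip 192.168.10.128 255.255.255.128 10.200.0.0 255.255.0.0
access-list PBR_ISP2 extended permit ip 192.168.10.128 255.255.255.128 any
route-map DUAL_ISP permit 10
 match ip address PBR_ISP1
 ! if track 10 is down this set is skipped and the packet uses the routing table
 set ip next-hop verify-availability 203.0.113.1 1 track 10
route-map DUAL_ISP permit 20
 match ip address PBR_ISP2
 set ip next-hop verify-availability 198.51.100.1 1 track 20

! PBR is applied on the ingress (inside) interface
interface GigabitEthernet0/2
 policy-route route-map DUAL_ISP
```

Each ISP interface still needs its own dynamic NAT rule for the half of the LAN that exits through it.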

Thanks! Good manual!

But when I assign tracks to default routes I get an error -

"More than one interface defined

SLA Monitor requires only one interface for route tracking
More than one interface defined for SLA Monitor which is referred by Static Route
Please select only one interface for SLA Monitor referred by Static Route"

Why does everything work in this video?

I found the problem. I had mistakes in security zones: I had two interfaces in one security zone. Because of this the tracking wasn't being assigned. Now everything works! Thanks!

Good to hear that...

Hi @Maxim Kraev

Did you manage dual ISP failover between 2 WAN links using FTD, managing the box using FMC managed via the web?

Hi Sir,

How did you actually make it work? I have tried on my FTD 7.0.1.1 and FMC 7.0.1.1 but the traffic still goes to ISP1 and no traffic is going to ISP2. However my failover works well: when I shut down ISP1 all traffic goes to ISP2.

Can I ask for a step-by-step process on this one? I tried watching the YouTube video provided but I can barely understand what he is saying and the video is a bit blurry to watch.

Thank you in advance sir, more power.

Marvin Rhoads
Hall of Fame

You cannot.

It has the same basic capabilities in this regard as an ASA. There's the ability to failover plus some rudimentary policy based routing. Neither equates to what one would call ISP load balancing though.

I know it is an old post but I agree, for one, you cannot simply load balance NAT translations. But failover.

I agree, because technically there is no load balancing happening within the config and the system; what really happens is you just divide manually the traffic of your inside LAN to 2 outside interfaces. I really don't know why Cisco cannot develop a system that can ratio the inside traffic to pass to your multiple outside interfaces automatically. In my experience with SonicWall NSA firewalls, they are capable of doing such ratio balancing depending on the percentage you assign to either outside interface and it works well, but the downside of NSAs is they are too buggy sometimes.

Cisco has made a tactical decision not to pursue that feature set with their firewalls. They would prefer to sell you a Viptela or other SD-WAN solution to address that need (and increase revenue).

Right or wrong, that's how they do it and their profits and stock dividends tell them the market is rewarding that decision.

Thanks sir, is there a detailed document that can help me with this setup? I have tried watching the video link posted above but unfortunately the video is a bit blurry and I can barely understand his words, and also he did not set up everything from scratch, which is why I am a bit confused.

Thanks in advance

UPDATE: I made it work just fine!

Hi Sir,

I have configured PBR via FlexConfig and it works now. I have divided the traffic into 2 and it was successful; however only one traffic flow can connect to the site-to-site VPN and the other one cannot.

I already added 2 VPN configurations, one for each traffic flow, but still only one is going through. Is there anything that I need to tweak to make both traffic flows connect to the site-to-site VPN?

When traffic is being sent over a site-to-site VPN, it does so based on the first match to the crypto map ACLs in that section of the configuration. So it will not load balance that subset of your traffic.
