data:image/s3,"s3://crabby-images/1c947/1c9477f97e9bd578ee5cfd0e58b9ddb27b014b57" alt="Palo Alto PBF w different VRs featured image"
This guide is a little bit different from my other Policy Based Forwarding blog post because it uses different virtual routers for the two ISP connections. It is quite common to have a distinct default route for each provider. So, in order to route certain traffic, e.g., http/https, to the other ISP connection, policy-based forwarding is used.
There are two documents from Palo Alto that give advice on how to configure PBF.
I am using a PA-200 with PAN-OS 7.0.1. My lab is the following:
(Note that, unlike Juniper ScreenOS, a zone is not tied to a virtual router. You actually can merge interfaces on different vrouters into the same zone. However, I prefer to configure an extra zone for each ISP to keep my security policies clearly separated.)
These are the configuration steps, taken from the screenshot captions:
1. Two virtual routers: default and untrust.
2. The policy based forwarding configuration: do not PBF private networks, but forward http/https to ethernet1/2.
3. The "Forwarding" tab in detail.
4. I am doing a source NAT for these connections.
5. Of course, a security policy is needed, too.
6. A static route inside the untrust virtual router back to the default virtual router. This routes the client subnet back.
7. The traffic log shows a few connections on ports 80/443 that egressed on interface 1/2 and were NATed.
Done.