Network Packet Broker HA Support
In addition to the path and latency health
monitoring available in the Packet Broker profile to protect against security
chain failures, you can also configure
High Availability (HA)
on firewalls that have Network Packet Broker forwarding interfaces
to protect against firewall failures. Configuring both path monitoring
and HA protects not only against security chain failures but also
against firewall failures.
Network Packet Broker supports Active/Passive HA pairs. Active/Active
HA pairs are not supported because the dedicated broker forwarding
interfaces must be specified in the Packet Broker profile.
After a failover, decrypted SSL traffic is reset because SSL
state isn’t synchronized between HA nodes. Cleartext traffic resumes
if the session is correctly synchronized and the TCP sequence is
correctly relearned.