In addition to the path and latency health monitoring available in the Packet Broker profile to protect against security chain failures, you can also configure High Availability (HA) on firewalls that have Network Packet Broker forwarding interfaces to protect against firewall failures. Configuring both path monitoring and HA protects not only against security chain failures but also against firewall failures.

Network Packet Broker supports Active/Passive HA pairs. Active/Active HA pairs are not supported because the dedicated broker forwarding interfaces must be specified in the Packet Broker profile.

After a failover, decrypted SSL traffic is reset because SSL state isn’t synchronized between HA nodes. Cleartext traffic resumes if the session is correctly synchronized and the TCP sequence is correctly relearned.