Focus
Focus
Table of Contents

Architecture

The HAVIP deployment architecture consists of two HAVIP interfaces and two VM-Series firewalls that are configured in active/standby HA mode.
One of the HAVIPs is configured with a public IP address (external HAVIP). The Untrust interface of each VM-Series firewall is bound to this external HAVIP. The other HAVIP ( internal HAVIP) does not have an attached public IP address. The Trust interface of each VM-Series firewall is bound to the internal HAVIP.
In this example, the External HAVIP is in the same subnet as the Untrust interfaces, while the Internal HAVIP is in the same subnet as the Trust interfaces.
  • The HAVIP address must be in the same subnet as the network interfaces that are bound to it.
  • Subnets in Alibaba Cloud cannot span multiple zones, so this solution will only work if both VM-Series firewalls are in the same Availability Zone.