High availability

High availability refers to the hardware configuration and settings that allow the firewall to continue functioning during a power loss, disk failure, or other event.

Note Support for HA varies according to device model. Check your device specifications.

To ensure continuous service, devices are deployed in a cluster. When the primary device in the cluster fails, the auxiliary takes over so that there is no interruption of firewall protection. The devices are physically connected over a dedicated HA link port.

You can check the HA status in the control center.

The process by which a device takes over when it does not receive communication from its peer within the specified time is known as device failover.

Peers in an HA cluster continuously monitor the dedicated HA link and the interfaces configured to be monitored. If any monitored port goes down, the device will leave the cluster and link failover will occur.

During device failover or link failover, session failover occurs for forwarded TCP traffic that is not passing through a proxy service except for the following: virus scanning sessions in progress, VPN sessions, UDP, ICMP, multicast, broadcast sessions, and proxy traffic.