Active-Active Failover
Prior to version 7.0, a security administrator could only have one Security Appliance actively
passing user traffic, while keeping a second Security Appliance in standby mode, only to be
activated during a failure. With active-active failover, both Security Appliances are active and
passing user traffic, while still acting as standby Security Appliances for each other. This
feature can only be using in conjunction with virtual firewall contexts.
To enable active-active failover, create two virtual contexts in the primary and secondary
Security Appliances participating in active-active failover. In the primary Security Appliance,
virtual context 1 is designated as the active context. Virtual context 2 will be designated as
the standby context. Each context will peer with a context on the secondary Security
Appliance. In Figure 12-1, context 1 on the primary Security Appliance peers with context 2
on the secondary Security Appliance. Context 2 on the secondary Security Appliance is
designated as a standby context for the primary Security Appliance’s context 1.