Prisma AIRS
What is an HSF Cluster?
Table of Contents
What is an HSF Cluster?
HSF comprises a collection of closely integrated AIRS firewall instances, offering
elasticity, scalability, high throughput, and robust firewall capabilities.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
HSF comprises a collection of closely integrated AIRS firewall instances, offering
elasticity, scalability, high throughput, and robust firewall capabilities. HSF provides
auto-scalable firewall instances and automated session redistribution across cluster
nodes. It supports up to 10 nodes and is scalable to 200 Gbps of throughput. An HSF
Cluster is orchestrated and managed through Panorama.
Architecture of an HSF Cluster
The HSF architecture supports various interface types, including vWire, Layer2, and
Layer3, and offers features such as NAT support, SSL decryption, dynamic routing,
and IPSec support.
P-Nodes can handle normal throughput and auto-scale S-Nodes to manage
fluctuations in traffic. The P-Nodes are not an optional component and act as
gateways to the cluster, while the S-Nodes are deployed in the back-end for
auto-scaling during burst scenarios.
You can deploy P-Nodes and S-Node in the same or separate hosts. The
cluster can be exposed as a single IP using ECMP, eliminating the need for
third-party external load balancing. Each session has a primary P-Node owner and a
backup P-Node (automatically handled by cluster logic), ensuring high availability
and seamless failover. The back-end S-Node serves all P-Nodes for improved
performance.
The P-Nodes and S-Node require multiple interfaces for management, traffic,
and cluster links, while the other instances are allocated to P-Nodes.