The CN-series HSF cluster consists of a pool of CN-MGMT (management), CN-NGFW (dataplane), CN-GW (gateway) and CN-DB (database) pods connected by internal networks. The CN-MGMT pods provide the cluster management plane functionality The CN-NGFW pods provide the cluster data plane security functionality. The CN-GW pods are the entry point into the cluster and distribute traffic between the CN-NGFW pods. The CN-DB pods provide the central cluster session cache used by the CN-NGFW pods.

The CN-Series HSF supports two CN-MGMT containers that provide redundancy and availability. However, only one of the two CN-MGMT containers can take connections from CN-NGFW DPs. The connected CN-MGMT will run as a StatefulSet service to allow CN-NGFWs to connect only to the active CN-MGMT. The other CN-MGMT container will not connect to CN-NGFW containers unless the current CN-MGMT fails.