Prisma AIRS
What is a HSF Cluster?
Table of Contents
What is a HSF Cluster?
HSF comprises a collection of closely integrated AIRS firewall instances, offering
elasticity, scalability, high throughput, and robust firewall capabilities.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
HSF comprises a collection of closely integrated AIRS firewall instances, offering
elasticity, scalability, high throughput, and robust firewall capabilities. HSF provides
auto-scalable firewall instances and automated session redistribution across cluster
nodes. It supports up to 10 nodes and is scalable to 200 Gbps of throughput. An HSF
Cluster is orchestrated and managed through Panorama.
Architecture of a HSF Cluster
The HSF architecture supports various interface types, including vWire, Layer2, and
Layer3, and offers features such as NAT support, SSL decryption, dynamic routing,
and IPSec support.
AI-Gateways can handle normal throughput and auto-scale AI-DP firewalls to
manage fluctuations in traffic. The AI-Gateways are not an optional component and
act as gateways to the cluster, while the AI-DP firewalls are deployed in the
back-end for auto-scaling during burst scenarios.
You can deploy AI-Gateways and AI-DP in the same or separate hosts. The
cluster can be exposed as a single IP using ECMP, eliminating the need for
third-party external load balancing. Each session has a primary AI-Gateway owner and
a backup AI-Gateway (automatically handled by cluster logic), ensuring high
availability and seamless failover. The back-end AI-DP serves all AI-Gateways for
improved performance.
The AI-Gateways and AI-DP require multiple interfaces for management,
traffic, and cluster links, while the other instances are allocated to
AI-Gateways.