>
    Strata Copilot
    Active/Passive HA Model
    Focus
    Download PDF
    Focus
    1. Home
    2. VM-Series
    3. VM-Series Firewall on Google Cloud Platform
    4. Deployment Models for VM-Series on GCP
    5. Active/Passive HA Model
    Download PDF
    VM-Series

    Active/Passive HA Model

    Table of Contents

    Active/Passive HA Model

    Use VM-Series firewall belongs manage instance groups across separate zones using load balancers.
    Where Can I Use This?What Do I Need?
    • Google Cloud Platform (GCP)
    • VM-Series License (PAYG or BYOL)
    • VM-Series plugin
    • Panorama
    • Panorama plugin for GCP
    In the active/passive HA model, each VM-Series firewall belongs to an unmanaged instance group across separate zones within the same region. Only the primary (active) VM-Series firewall receives network traffic from Google Cloud load balancers. The health check configured on the load balancers determines the HA state of the primary VM-Series firewall. If the health check fails on the primary VM-Series firewall, the load balancers use connection tracking to carry the active sessions to the secondary VM-Series firewall. At that point, the secondary VM-Series firewall becomes the primary firewall while maintaining session continuity.
    This model is suited for environments with any or all of the following requirements:
    • Maintaining session continuity through stateful failover between the VM-Series firewalls.
    • Horizontal scaling of the VM-Series for performance is not required.
    • Inability to centrally manage the firewalls using Panorama or Strata Cloud Manager.
    • Establishing IPsec tunnels through the load balancers to the VM-Series firewall.
    • Preserving the original client IP address for internet inbound traffic to internal applications protected by the VM-Series firewalls.
    For more Information, see:
    • After deploying the VM-Series firewall, the load balancer's health checks will only pass on the active VM-Series firewall. This is because the dataplane of the passive firewall is inactive and is unable to pass the health checks. During a failure event, when the passive firewall becomes active, along with its dataplane, the health checks will pass.
    • Unlike the autoscale model which uses a Cloud NAT or public IP address, traffic outbound to the internet from the trust VPC uses a forwarding rule on the external load balancer as the translated address.

    © 2026 Palo Alto Networks, Inc. All rights reserved.