Use Case: Configure Active/Active HA for ARP Load-Sharing with Destination NAT

This Layer 3 interface example uses NAT in Active/Active HA Mode and ARP Load-Sharing with destination NAT. Both HA firewalls respond to an ARP request for the destination NAT address with the ingress interface MAC address. Destination NAT translates the public, shared IP address (in this example, 10.1.1.200) to the private IP address of the server (in this example, 192.168.2.200).

When the HA firewalls receive traffic for the destination 10.1.1.200, both firewalls could possibly respond to the ARP request, which could cause network instability. To avoid the potential issue, configure the firewall that is in active-primary state to respond to the ARP request by binding the destination NAT rule to the active-primary firewall.

The device selection algorithm determines which HA firewall responds to the ARP requests to provide load sharing.

For Device Selection Algorithm, select IP Modulo. The firewall that will respond to ARP requests is based on the parity of the ARP requester's IP address.
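
The following is an added example, not vendor code, that models IP Modulo selection so you can check whether the hosts that ARP for the shared address actually split across both firewalls. The mapping of even addresses to device ID 0 and odd addresses to device ID 1, the function names, and the sample neighbor lists are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption (not stated on the page): even requester addresses map to
# HA device ID 0 and odd addresses map to HA device ID 1.
PARITY_TO_DEVICE = {0: 0, 1: 1}


def arp_responder(requester_ip, parity_to_device=PARITY_TO_DEVICE):
    """Return the HA device ID that answers ARP for this requester."""
    addr = ipaddress.IPv4Address(requester_ip)
    # Parity of the address is the low bit of its 32-bit integer value.
    return parity_to_device[int(addr) % 2]


def share_by_device(requesters):
    """Group ARP requesters by the HA device that would answer them."""
    groups = defaultdict(list)
    for ip in requesters:
        groups[arp_responder(ip)].append(ip)
    # Always report both devices, even when one answers nobody.
    return {dev: groups.get(dev, []) for dev in (0, 1)}


def is_skewed(requesters, threshold=0.75):
    """True when one device answers at least `threshold` of the requesters."""
    shares = share_by_device(requesters)
    total = sum(len(ips) for ips in shares.values())
    if total == 0:
        return False
    return max(len(ips) for ips in shares.values()) / total >= threshold


# Constructed samples: hosts on the segment that ARP for 10.1.1.200.
NEIGHBORS = ["10.1.1.1", "10.1.1.2", "10.1.1.10", "10.1.1.11"]
SINGLE_ROUTER = ["10.1.1.254"]  # one upstream gateway is the only requester

if __name__ == "__main__":
    for name, hosts in (("mixed", NEIGHBORS), ("single router", SINGLE_ROUTER)):
        print(name, share_by_device(hosts), "skewed:", is_skewed(hosts))
```

Because selection is per requester rather than per flow, a segment with a single upstream router sends every ARP reply, and therefore all traffic for the shared address, to one firewall.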