Use Case: Configure Active/Active HA for ARP Load-Sharing
with Destination NAT
This Layer 3 interface example uses NAT
in Active/Active HA Mode and ARP
Load-Sharing with destination NAT. Both HA firewalls respond
to an ARP request for the destination NAT address with the ingress
interface MAC address. Destination NAT translates the public, shared
IP address (in this example, 10.1.1.200) to the private IP address
of the server (in this example, 192.168.2.200).
When the HA
firewalls receive traffic for the destination 10.1.1.200, both firewalls
could possibly respond to the ARP request, which could cause network
instability. To avoid the potential issue, configure the firewall
that is in active-primary state to respond to the ARP request by
binding the destination NAT rule to the active-primary firewall.