Use Case: Configure Active/Active HA with ARP Load-Sharing

In this example, hosts in a Layer 3 deployment need gateway services from the HA firewalls. The firewalls are configured with a single shared IP address, which allows ARP Load-Sharing. The end hosts are configured with the same gateway, which is the shared IP address of the HA firewalls.
HA_ARP_load_sharing.png
  1. Perform Step 1 through Step 15 of Configure Active/Active HA.
  2. Configure an HA virtual address.
    The virtual address is the shared IP address that allows ARP Load-Sharing.
    1. Select
      Device
      High Availability
      Active/Active Config
      Virtual Address
      and click
      Add
      .
    2. Enter or select an
      Interface
      .
    3. Select the
      IPv4
      or
      IPv6
      tab and click
      Add
      .
    4. Enter an
      IPv4 Address
      or
      IPv6 Address
      .
    5. For
      Type
      , select
      ARP Load Sharing
      , which allows both peers to use the virtual IP address for ARP Load-Sharing.
  3. Configure ARP Load-Sharing.
    The device selection algorithm determines which HA firewall responds to the ARP requests to provide load sharing.
    1. For
      Device Selection Algorithm
      , select one of the following:
      • IP Modulo
        —The firewall that will respond to ARP requests is based on the parity of the ARP requester's IP address.
      • IP Hash
        —The firewall that will respond to ARP requests is based on a hash of the ARP requester's IP address.
    2. Click
      OK
      .
  4. Commit
    the configuration.
  5. Configure the peer firewall in the same way, except selecting a different Device ID.
    For example, if you selected Device ID
    0
    for the first firewall, select Device ID
    1
    for the peer firewall.

Related Documentation