Public Cloud SD-WAN High Availability (HA)
Focus
Focus
What's New in the NetSec Platform

Public Cloud SD-WAN High Availability (HA)

Table of Contents

Public Cloud SD-WAN High Availability (HA)

Deploy High Availability in your SD-WAN cloud interfaces.
You can now reduce complexity and increase resiliency by adding high availability to your SD-WAN for next-generation firewall public cloud deployments. Configure up to four IP addresses per SD-WAN interface, allowing you to deploy SD-WAN on public clouds to achieve failover in high availability active/passive configurations. Minimize the downtime and ensure session survivability using the active/passive HA failover in public cloud SD-WAN environments.
Currently, you can avail this feature on deployments using VM-Series in Azure and AWS public cloud HA environments by configuring a second floating IP address on the SD-WAN interfaces. The floating IP on the SD-WAN interface of the external zone must match with that of the internal zone. In the illustration, observe that 10.0.2.100 is the common floating IP between the external and internal zones during a HA failover.
This feature is supported on PAN-OS 11.1.0 and above and on IPv4 addresses only.
The following illustration is an example of VM-Series deployment in Azure HA A/P topology and shows how the secondary floating IP address is from the same subnet and applied to both trust and untrust zones of the SD-WAN interface.
In AWS instances, you can configure HA A/P failover using multiple ways, one of which is using a second IP address that acts as the floating IP.