Session resiliency allows VM-Series firewalls deployed in a cluster on AWS or
GCP to maintain session continuity during a failure event. The AWS Gateway Load
Balancer (GWLB) and GCP Network Load Balancer (NLB) can detect and deregister
unhealthy VM-Series firewalls deployed behind them in a horizontally scalable
cluster. With session resiliency enabled, the GWLB and NLB can rehash existing
traffic sessions flowing toward an unhealthy VM-Series firewall and redirect
that traffic to a healthy VM-Series firewall.
To maintain sessions that fail over to healthy VM-Series firewalls, you must
deploy a Redis cache that your VM-Series firewalls can access: ElastiCache for
Redis on AWS or Memorystore for Redis on GCP. The Redis cache maintains session
information. When your load balancer detects an unhealthy VM-Series firewall,
it rebalances traffic to a healthy VM-Series firewall. The healthy VM-Series
firewall retrieves the session information from the Redis cache and continues
to inspect and forward the existing traffic.
Enable session resiliency on the VM-Series firewall by passing the configuration as
part of a bootstrapping init-cfg.txt file or in the user data field using the
following new parameters.
op-command-modes=mgmt-interface-swap
plugin-op-commands=set-sess-ress:True
redis-endpoint=<redis-IP-address:port>
redis-auth=<redis-auth-code>
redis-certificate=
Session resiliency can't be enabled on existing VM-Series
firewall instances; only on newly deployed instances.
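Because these settings can only be applied at deployment, a pre-deployment check of the bootstrap file is useful. The following is an added example, not Palo Alto Networks code: it lints an init-cfg.txt for the session resiliency parameters listed above. It assumes exact-match spelling of the values as the page gives them, comma-separated multi-value keys, and an IP-address endpoint; the sample addresses and auth value are constructed.

```python
import ipaddress

# Constructed sample inputs (addresses and auth value are made up).
GOOD = """op-command-modes=mgmt-interface-swap
plugin-op-commands=set-sess-ress:True
redis-endpoint=10.0.1.25:6379
redis-auth=example-auth-code
redis-certificate=
"""
BAD = """op-command-modes=mgmt-interface-swap
plugin-op-commands=set-sess-ress:true
redis-endpoint=10.0.1.25
redis-auth=<redis-auth-code>
"""

def parse_init_cfg(text):
    """Parse key=value lines into a dict, skipping blanks and comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            cfg[key.strip()] = value.strip()
    return cfg

def _items(cfg, key):
    # Assumption: multiple values for one key are comma-separated.
    return [v.strip() for v in cfg.get(key, "").split(",")]

def check_session_resiliency(text):
    """Return a list of problems; never echoes the redis-auth value."""
    cfg = parse_init_cfg(text)
    problems = []
    if "mgmt-interface-swap" not in _items(cfg, "op-command-modes"):
        problems.append("op-command-modes lacks mgmt-interface-swap")
    if "set-sess-ress:True" not in _items(cfg, "plugin-op-commands"):
        problems.append("plugin-op-commands lacks set-sess-ress:True")
    host, sep, port = cfg.get("redis-endpoint", "").rpartition(":")
    try:
        ipaddress.ip_address(host)  # page format: <redis-IP-address:port>
        if not (port.isdigit() and 0 < int(port) < 65536):
            raise ValueError("bad port")
    except ValueError:
        problems.append("redis-endpoint is not <IP-address:port>")
    auth = cfg.get("redis-auth", "")
    if not auth or auth.startswith("<"):
        problems.append("redis-auth is empty or still a placeholder")
    return problems

if __name__ == "__main__":
    print(check_session_resiliency(GOOD), check_session_resiliency(BAD))
```

The checker reports only which key is wrong, so its output can go into build logs without exposing the Redis auth code.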