Achieving firewall high-availability in Azure with F5
Background
Due to the lack of Layer 2 functions (e.g. ARP) in public Cloud provider networks, certain firewall vendors recommend achieving Firewall (FW) high-availability (HA) through the use of l...
Published Jun 15, 2018
Version 1.0
Chris_Zhang
Ret. Employee
Joined May 16, 2019
Chris_Zhang
Jul 10, 2018
Ret. Employee
Thanks for the feedback, Raymond! My apologies for the late response - just got back from my holidays.
I believe this should work for the API-based HA as well. I checked internally: the way we do HA in Azure is that we literally remove the IP configs for secondary IPs from the going-down unit and recreate them on the new active unit.
However, we may need to create another entry for UDR to accommodate the self-IP of the second unit, as the self-IPs are the primary IPs of the interfaces in an Azure VM, which are not affected by the failover API.