For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Achieving firewall high-availability in Azure with F5

Background Due to the lack of Layer 2 functions (e.g. ARP) in public Cloud provider networks, certain firewall vendors recommend achieving Firewall (FW) high-availability (HA) through the use of l...

Published Jun 15, 2018

Version 1.0

Ret. Employee

Joined May 16, 2019

View Profile

Chris_Zhang

Ret. Employee

Joined May 16, 2019

View Profile

Chris_Zhang

Ret. Employee

Jul 10, 2018

Thanks for the feedback, Raymond! My apologies for the late response - just got back from my holidays.

I believe this should work for the API based HA as well. I checked internally, the way we do HA in Azure is that we literally remove IP config's for secondary IP's from the going-down unit and recreate them on the new active unit.

However, we may need to create another entry for UDR to accommodate the self-ip of the second unit, as the self-ip's are primary IP of the interface in Azure VM, which are not affected by failover API.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

Achieving firewall high-availability in Azure with F5

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS