High Availability Overview
High Availability (HA) allows established IPsec tunnels to fail over without re-negotiating when an Active/Standby transition happens. The new Active device already has a copy of the security associations and is aware of the message states, so it can maintain the connection.
HA has several requirements to work correctly:
Only IKEv2 tunnels support HA failover.
Mirroring must be set up on the HA peers.
All IKEv2 tunnels must be configured to use a floating self IP.
IKEv1 tunnels can exist alongside IKEv2 tunnels; however, mirroring and HA failover only work for IKEv2.
Review the HA Configuration page to see information about verifying those requirements.
Review the View HA State page to see information about verifying whether HA is working.