Enable Target Failover for Secure Firewall Threat Defense Virtual Clustering in AWS
The data interface of the threat defense virtual is registered to a target group of the GWLB in AWS. In threat defense virtual clustering, each instance is associated with a target group, and the GWLB load-balances traffic only across the healthy instances that are registered as target nodes in that group.
Before you begin
You must have deployed the cluster in AWS, either manually or using the CloudFormation template.
If you deploy the cluster using the CloudFormation template, you can also enable target failover by setting the rebalance attribute in the GWLB Configuration section of the cluster deployment file, deploy_ftdv_clustering.yaml. In the template, this parameter defaults to rebalance; on the AWS console, however, the default is no_rebalance.
Where:
- no_rebalance - GWLB continues to send the network flow to the failed or deregistered target.
- rebalance - GWLB sends the network flow to another healthy target when the existing target fails or is deregistered.
For information on deploying a stack in AWS, see:
Procedure
| Step | Action |
| --- | --- |
| Step 1 | On the AWS Console, go to Services > EC2. |
| Step 2 | Click Target Groups to view the target groups page. |
| Step 3 | Select the target group to which the threat defense virtual data interface IPs are registered. The target group details page is displayed, where you can enable the target failover attributes. |
| Step 4 | Go to the Attributes menu. |
| Step 5 | Click Edit to edit the attributes. |
| Step 6 | Toggle the Rebalance flows slider to the right to enable target failover. This configures the GWLB to rebalance existing network flows to a healthy target node when a target fails or is deregistered. |
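The same change made through the API instead of the console, with an audit step first, as an added example that is not from the Cisco guide or the deployment template. It uses the AWS ELBv2 target group attributes target_failover.on_deregistration and target_failover.on_unhealthy (AWS requires both keys to carry the same value, either rebalance or no_rebalance). The target group ARN, the sample attribute list and the FakeElbv2Client are constructed so the script runs offline; pass a real boto3 elbv2 client in place of the fake to apply it to an account. The audit function treats a missing key as the console default, no_rebalance, and flags the two keys disagreeing as a misconfiguration.

```python
"""Audit and enable GWLB target failover (flow rebalance) on a target group.

Added example. Attribute keys and values are the real ELBv2 ones; the ARN,
sample attributes and FakeElbv2Client are constructed for offline use.
"""

FAILOVER_KEYS = ("target_failover.on_deregistration", "target_failover.on_unhealthy")
VALID_VALUES = {"rebalance", "no_rebalance"}


def failover_state(attributes):
    """Return the target-failover value both keys agree on, or None if they differ.

    `attributes` is the 'Attributes' list from describe_target_group_attributes.
    A missing key is treated as the AWS console default, no_rebalance.
    """
    lookup = {a["Key"]: a["Value"] for a in attributes}
    values = {lookup.get(key, "no_rebalance") for key in FAILOVER_KEYS}
    # AWS requires both keys to match; a split state is worth flagging in an audit.
    return values.pop() if len(values) == 1 else None


def failover_enabled(attributes):
    """True only when both keys are set to rebalance."""
    return failover_state(attributes) == "rebalance"


def build_failover_attributes(value="rebalance"):
    """Attribute list for modify_target_group_attributes, setting both keys alike."""
    if value not in VALID_VALUES:
        raise ValueError(f"target failover value must be one of {sorted(VALID_VALUES)}")
    return [{"Key": key, "Value": value} for key in FAILOVER_KEYS]


def ensure_target_failover(client, target_group_arn, value="rebalance"):
    """Idempotently set both failover keys; return True if a change was applied."""
    current = client.describe_target_group_attributes(TargetGroupArn=target_group_arn)["Attributes"]
    if failover_state(current) == value:
        return False
    client.modify_target_group_attributes(
        TargetGroupArn=target_group_arn,
        Attributes=build_failover_attributes(value),
    )
    return True


class FakeElbv2Client:
    """Constructed stand-in for boto3.client('elbv2') holding one target group's attributes."""

    def __init__(self, attributes):
        self.attributes = list(attributes)

    def describe_target_group_attributes(self, TargetGroupArn):
        return {"Attributes": list(self.attributes)}

    def modify_target_group_attributes(self, TargetGroupArn, Attributes):
        lookup = {a["Key"]: a["Value"] for a in self.attributes}
        lookup.update({a["Key"]: a["Value"] for a in Attributes})
        self.attributes = [{"Key": k, "Value": v} for k, v in lookup.items()]
        return {"Attributes": list(self.attributes)}


# Constructed sample: a GWLB target group still at the console default (placeholder ARN).
SAMPLE_ARN = "arn:aws:elasticloadbalancing:us-east-1:111122223333:targetgroup/ftdv-cluster-tg/0123456789abcdef"
SAMPLE_ATTRIBUTES = [
    {"Key": "deregistration_delay.timeout_seconds", "Value": "300"},
    {"Key": "target_failover.on_deregistration", "Value": "no_rebalance"},
    {"Key": "target_failover.on_unhealthy", "Value": "no_rebalance"},
]


def demo():
    """Audit, remediate, re-audit against the constructed target group."""
    client = FakeElbv2Client(SAMPLE_ATTRIBUTES)
    before = failover_enabled(client.attributes)
    changed = ensure_target_failover(client, SAMPLE_ARN)
    after = failover_enabled(client.attributes)
    return before, changed, after


if __name__ == "__main__":
    print(demo())  # (False, True, True)
```

Running the audit before the change is the useful part for a cluster that was deployed from the console rather than the template: the two defaults differ, so a target group can look complete while still steering existing flows into a failed node.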