HA Group Limitations | Trend Micro Service Central

Views:

You should be aware of certain HA Group limitations.

Limitation	Description
NAT connections	NAT connection tracking will not be synchronized. When a gateway is switched, all connections will break.
Split brain issue	Cloud Edge gateways have limited ports, which means there might be only one port for the heartbeat. To avoid the split-brain problem, Cloud Edge might use a data line as a backup heartbeat line.
One Route Next Hop	If HA is implemented in a one route next-hop scenario, NAT must be enabled and cannot be transformed into the same subnet addresses in Cloud Edge gateways. Example: There is an HA group with CE-1 and CE-2 gateways, and CE-1 is the master. If CE-1 fails, CE-2 become the master and packets are forwarded through the CE-2 WAN port. However, the packets might still be forwarded to the CE-1 WAN port by the router.

Limitation

Description

NAT connections

NAT connection tracking will not be synchronized.

When a gateway is switched, all connections will break.

Split brain issue

Cloud Edge gateways have limited ports, which means there might be only one port for the heartbeat. To avoid the split-brain problem, Cloud Edge might use a data line as a backup heartbeat line.

One Route Next Hop

If HA is implemented in a one route next-hop scenario, NAT must be enabled and cannot be transformed into the same subnet addresses in Cloud Edge gateways.

Example: There is an HA group with CE-1 and CE-2 gateways, and CE-1 is the master. If CE-1 fails, CE-2 become the master and packets are forwarded through the CE-2 WAN port. However, the packets might still be forwarded to the CE-1 WAN port by the router.