Clustering and VPNs
A Engine cluster can be used as a gateway in policy-based and route-based VPNs. There are no additional configuration steps compared to a Single Firewall.
Clustering provides high availability and load balancing at the VPN gateway with multiple nodes in a cluster. If one of the nodes is commanded offline or fails, the remaining nodes in the cluster take over the VPN traffic that was handled by that node. To allow the nodes to use the same certificate, the associated private encryption key is exchanged securely through the heartbeat channel. To external VPN gateways, the cluster presents itself as a single device with a single endpoint (CVI IP address) to contact.