Deploy a Barracuda NextGen Firewall F-Series HA cluster in the Amazon AWS Cloud to ensure that your AWS resources are always available. For the backend servers to always use the active firewall instance, the AWS route table is rewritten each time a takeover event occurs. Incoming traffic can be directed to the active firewall by either Amazon Load Balancer for TCP connections or the DNS-based Route 53.
Deploy a High Availability Cluster
Create a high availability cluster by deploying two firewall instances in two subnets, each in a different availability zone. The firewalls must be reconfigured to use static IP addresses and launched with an IAM role that allows them to rewrite AWS route tables after a failover event.
For more information, see How to Configure a Multi-AZ High Availability Cluster in AWS Using the AWS Console.
AWS Route Table Rewriting with AWS Cloud Integration
The routes in the AWS route table are limited to one target instance as the gateway device. When you are using a high availability cluster as the gateway, the IP address of the gateway VM changes when the virtual server fails over. AWS cloud integration and route table rewriting allow both firewall VMs to access the AWS cloud fabric and reconfigure the routing table when a failover occurs. An IAM role must be assigned to each firewall instance so that it can authenticate the necessary API calls.
For more information, see How to Create an IAM Role for an F-Series Firewall in AWS.
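Because the IAM role described above can redirect backend traffic, it is worth checking that its policy grants no more than route rewriting needs. The following is an added example, not Barracuda's code or policy: the `audit_policy` helper, the assumed minimum action set (`ec2:DescribeRouteTables`, `ec2:ReplaceRoute`) and both sample policies are constructed for illustration.

```python
import fnmatch

# Assumption: failover needs to read route tables and replace a route's target.
REQUIRED = {"ec2:DescribeRouteTables", "ec2:ReplaceRoute"}
WRITE_ACTIONS = {"ec2:ReplaceRoute", "ec2:CreateRoute", "ec2:DeleteRoute"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_policy(policy):
    """Return (missing_required_actions, findings) for an IAM policy dict."""
    granted, findings = set(), []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        resources = _as_list(stmt.get("Resource", []))
        for pattern in _as_list(stmt.get("Action", [])):
            if pattern in ("*", "ec2:*"):
                findings.append(f"statement {i}: wildcard action {pattern!r}")
            # IAM action names are case-insensitive and accept * and ? wildcards.
            matched = {a for a in REQUIRED | WRITE_ACTIONS
                       if fnmatch.fnmatchcase(a.lower(), pattern.lower())}
            granted |= matched & REQUIRED
            # Route writes on Resource "*" let the role alter every route table.
            if matched & WRITE_ACTIONS and "*" in resources and not stmt.get("Condition"):
                findings.append(f"statement {i}: {pattern!r} can modify any route table")
    return sorted(REQUIRED - granted), findings

# Constructed sample: overly broad policy.
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}]}

# Constructed sample: reads allowed everywhere, writes limited to one route table.
# The account id and route table id are placeholders.
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2:DescribeRouteTables", "Resource": "*"},
    {"Effect": "Allow", "Action": "ec2:ReplaceRoute",
     "Resource": "arn:aws:ec2:eu-west-1:111122223333:route-table/rtb-EXAMPLE"}]}

if __name__ == "__main__":
    for name, doc in (("BROAD", BROAD), ("SCOPED", SCOPED)):
        missing, findings = audit_policy(doc)
        print(name, "missing:", missing, "findings:", findings)
```
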