The script is used by a pair of Single FlexEdge Secure SD-WAN Engines (formerly Next Generation Firewall) on Amazon Web Services (AWS) to act as a primary and secondary pair.
One of the SD-WAN Engines acts as the primary and always processes the traffic under normal circumstances.
The second Engine acts as the secondary and constantly monitors the primary:
- It checks the state of the AWS route table from the internal network to the pair of firewalls.
- It periodically tries to open a TCP connection to a well-known port (SSH by default) on the NIC referenced by the route table.
- It checks the operational status of the primary (online/offline), which the primary stores in an EC2 instance tag value.
When any of these checks fails, the secondary takes action to become active and receive the traffic:
- It modifies the AWS route table from the internal network(s) to point to the secondary.
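The following is an added example, not the script this page describes, showing how the secondary's three checks and the route-table failover can be expressed in Python. The ENI, route table and instance identifiers, the `ngfw:status` tag key, the three-poll threshold and the sample API responses are all constructed for the example; the response dicts mirror the shape of boto3's `describe_route_tables` and `describe_instances` output, and the failover is expressed as the keyword arguments for the real EC2 `replace_route` call without invoking AWS.

```python
import socket

# Assumed names for this example only (not the page's script).
PRIMARY_ENI = "eni-0primary00000001"       # constructed identifier
SECONDARY_ENI = "eni-0secondary0000001"    # constructed identifier
ROUTE_TABLE_ID = "rtb-0internal000000001"  # constructed identifier
DEFAULT_ROUTE = "0.0.0.0/0"
STATUS_TAG = "ngfw:status"                 # assumed tag key; value "online"/"offline"


def route_targets_primary(route_table, primary_eni, cidr=DEFAULT_ROUTE):
    """Check 1: the internal subnet's default route must still point at the
    primary's NIC and be 'active' (AWS marks it 'blackhole' if the ENI is gone).
    `route_table` is one entry of describe_route_tables()['RouteTables']."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") == cidr:
            return (route.get("NetworkInterfaceId") == primary_eni
                    and route.get("State") == "active")
    return False


def tcp_port_open(host, port=22, timeout=2.0):
    """Check 2: attempt a TCP handshake to the primary on a well-known port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def primary_status_tag(instance, tag_key=STATUS_TAG):
    """Check 3: the primary publishes online/offline in an EC2 instance tag.
    `instance` is one entry of describe_instances()['Reservations'][i]['Instances']."""
    for tag in instance.get("Tags", []):
        if tag.get("Key") == tag_key:
            return tag.get("Value")
    return None


def failure_reasons(route_table, primary_reachable, primary_instance,
                    primary_eni=PRIMARY_ENI):
    """Combine the three checks; an empty list means the primary looks healthy."""
    reasons = []
    if not route_targets_primary(route_table, primary_eni):
        reasons.append("route table no longer targets primary NIC")
    if not primary_reachable:
        reasons.append("TCP probe to primary failed")
    if primary_status_tag(primary_instance) != "online":
        reasons.append("primary status tag is not 'online'")
    return reasons


class TakeoverDecider:
    """Require N consecutive failed polls before failing over, so a single
    dropped probe or a momentarily stale API view does not cause a flap."""
    def __init__(self, threshold=3):
        self.threshold = threshold
        self.failed_polls = 0

    def observe(self, reasons):
        self.failed_polls = self.failed_polls + 1 if reasons else 0
        return self.failed_polls >= self.threshold


def replace_route_request(route_table_id, secondary_eni, cidr=DEFAULT_ROUTE):
    """Failover action: keyword arguments for EC2 replace_route(), which
    repoints the internal route at the secondary's NIC. In a real deployment
    pass them as boto3.client('ec2').replace_route(**kwargs)."""
    return {"RouteTableId": route_table_id,
            "DestinationCidrBlock": cidr,
            "NetworkInterfaceId": secondary_eni}


def open_loopback_listener():
    """Helper to exercise tcp_port_open() offline: a listening socket on an
    ephemeral loopback port (the kernel completes the handshake without accept())."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


# Constructed sample API responses: a healthy primary, then a primary whose
# NIC has vanished (route blackholed) and which reports itself offline.
HEALTHY_ROUTE_TABLE = {"RouteTableId": ROUTE_TABLE_ID, "Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": DEFAULT_ROUTE, "NetworkInterfaceId": PRIMARY_ENI, "State": "active"},
]}
BLACKHOLED_ROUTE_TABLE = {"RouteTableId": ROUTE_TABLE_ID, "Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": DEFAULT_ROUTE, "NetworkInterfaceId": PRIMARY_ENI, "State": "blackhole"},
]}
ONLINE_PRIMARY = {"InstanceId": "i-0primary0000000001", "Tags": [{"Key": STATUS_TAG, "Value": "online"}]}
OFFLINE_PRIMARY = {"InstanceId": "i-0primary0000000001", "Tags": [{"Key": STATUS_TAG, "Value": "offline"}]}


def demo():
    """Feed two healthy polls and three failing polls through the decider;
    returns the replace_route kwargs once takeover is warranted, else None."""
    decider = TakeoverDecider(threshold=3)
    polls = [(HEALTHY_ROUTE_TABLE, True, ONLINE_PRIMARY)] * 2 + \
            [(BLACKHOLED_ROUTE_TABLE, False, OFFLINE_PRIMARY)] * 3
    for route_table, reachable, instance in polls:
        if decider.observe(failure_reasons(route_table, reachable, instance)):
            return replace_route_request(ROUTE_TABLE_ID, SECONDARY_ENI)
    return None


if __name__ == "__main__":
    print(demo())
```

The consecutive-failure threshold is the practitioner's caveat here: a single failed SSH probe or a stale `describe_instances` view should not move the default route, and the secondary's IAM role only needs `ec2:DescribeRouteTables`, `ec2:DescribeInstances` and `ec2:ReplaceRoute` scoped to the pair's resources for these checks and the failover to work.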