To meet the demands of stateful services such as more bandwidth and throughput, you can configure Tier-0 and Tier-1 gateways in Active-Active (A-A) configuration. Stateful services are required for next generation firewall, Layer 7 rules, URL filtering or TLS decryption.

Starting with NSX 4.0.1.1, you can scale-out or scale-in the number of service routers by adding NSX Edge nodes to the cluster.

Caution: As you scale-in or scale-out NSX Edge nodes, you might see loss of traffic packets for existing flows.
The supported stateful services are:
  • Next Generation Firewall
  • URL filtering
  • TLS proxy

  • Firewall

  • NAT

The unsupported services are:
  • DNS Forwarder

  • NSX LB

  • L2VPN

  • IPSecVPN

In your existing topology, if Tier-1 gateway is in active-standby (A-S) mode, you cannot reconfigure it in A-A HA mode and it cannot share the same NSX Edge cluster with A-A stateful Tier-0 gateways. As a workaround, deploy that Tier-1 gateway in active-standby mode on a separate cluster. Then, deploy Tier-0 gateway on another NSX Edge cluster. If your environment requires a Tier-1 gateway, configure it in A-A HA mode. See Supported Topologies.