The primary Gateway is used to prevent split-brain conditions.

The Gateway has a pre-existing connection to the Active Edge. In a split-brain condition, the Standby Edge, changes state to Active and tries to establish a tunnel with the Gateway. The Gateway will send a response back to the Standby Edge instructing it to move to Standby state, and will not allow the tunnel to be established. Gateway will always have tunnels from just the Active Edge. Only the LAN interfaces remain blocked (as long as the HA cable is down). As illustrated in the following figure, the Gateway signals VCE1 to go into Standby mode on the LAN. This will logically prevent the split-brain scenario from occurring.