In this scenario Web Security Manager is deployed in a high avalibility configuration with an extra Web Security Manager (backup) used for fail-over. A dedicated network or crossover cable is used to connect the Web Security Manager cluster and a separate interface is used for synchronization of various information between the active and the backup Web Security Manager. Inbound and outbound traffic share the same interface.

The two Web Security Manager systems share a virtual (VIP) IP address 192.168.1.12.

HTTP/HTTPS traffic designated to the web systems (192.168.0.3 and 192.168.0.4) is redirected (either by forwarding IP packets via the router or by altering web systems' DNS settings) to Web Security Manager's VIP address 192.168.1.12.

In case the active Web Security Manager system fails or looses the connectivity, the backup will take over the VIP and start handling the requests from clients.

The web systems' default gateway is the firewall with IP address 192.168.0.1.