Bidirectional forward detection (BFD) is the protocol designed for detecting fast forwarding path failure detection various media types, encapsulations, topologies and routing protocols. BFD helps in providing a consistent failure detection method.  In NSX-T environment where Edge node in edge cluster exchange its BFD keep-alive status on management and tunnel (TEP/overlay) interface to get proper communication among each Edge/host transport nodes in NSX-T environment.                                                       Fig:1 (Credit: vmware.com) eg: When the standby Edge node on T0 gateway fails to receive keep-alive status on both (management & tunnels) interfaces then in that case its not going to become active as its already in standby state. What its looses is its interface communication either from management of overlay. Some features of BFD  High availability uses BFD to detect forwarding path failures. BFD provides a low-overhead detection of fault even on physical medi

NSX-T Data Center included two types of firewalls: Distributed Firewall    ( for east-west traffic ) Gateway Firewall        ( for north-south traffic )                                              Fig:1 (credit: vmware.com) The distributed firewall is a hypervisor, kernel-embedded stateful firewall:  It resides in the kernel of the hypervisor and outside the guest OS of the VM.  It controls the I/O path to and from the vNIC. The gateway firewall is used for north-south traffic between the NSX-T gateways and the physical network: Its is also called as perimeter firewall protect to and from the physical environment. It applies to Tier-0 and Tier-1 gateway uplinks and service interfaces.  It support both Tier-0 and Tier-1 gateway. If its applies to Tier-0 or Tier-1 gateway then HA status of that gateway should be active-standby. It is a centralized stateful service enforced on the NSX Edge node. Lets discuss both of the above firewall types in detail: Distributed Firewall DFW(Distributed