Re: VE HA
Just to add another opinion to this.
Where would we deploy which type of gateway?
- VE or vSec in an environment that is a part of a bigger environment, where the VMWare environment itself, is completely isolated from the VM's and all the VE protects is some specific VM's with limited Internet access. You should not use it to provide access from the internet to your VMWare setup as you might lock yourself out. (Obviously)
- Appliance/Open server anything where internet access is needed in or outbound
- VSX (not yet mentioned) in environments where you need multiple firewalls at the same location to protect different networks / companies / departments and completely separate their individual needs/policies etc.
On the clustering part, do keep in mind a cluster will give you flexibility when you need to install patches/upgrades or anything like that, BUT it will also come with some challenges regarding configuration of the virtual switches either VMWare's or Cisco's Nexus.
As an MSP we have all different flavors running.
Dual P1 R77.30, VSX, IPSO, SPLAT, GAIA mostly.