Fault Tolerance, by design, requires the same two VMs running on two different ESXis. However, Deep Security has only one DSVA running on the ESXi. This is a limitation that we can not support.

If Fault Tolerance is enabled after a VM is already activated, then Deep Security Manager (DSM) will recognize that the secondary VM is created on the other ESX in the cluster, and it will report it as a “Duplicate Computer." Therefore, attempt to activate the secondary computer fails. This is the expected behavior because we do not want to have a secondary VM activated. Moreover, activating an already Fault Tolerance-enabled VM will cause “Interfaces out of sync” error as both primary and secondary VMs have the same MAC addresses.

Additionally, if a vCenter returns VMs that share a UUID even if they are on different vCenters, an alert will be raised. This will not cause issues if DSVA is not involved because the UUID is not used in Deep Security Agent (DSA) deployments.

For more information about Fault Tolerance, you may refer to this VMware Knowledge Base article: VMware Fault Tolerance FAQ (1013428).