A security appliance system routing strings of data packets in a high availability environment. The security appliance system contains a plurality of intrusion prevention systems connected to a load balancer and a computing device. Each intrusion prevention system contains stored session state information in a local session state data store, the load balancer contains a shared hash algorithm, and the computing device contains a connection state manager containing a network session state data store. The computing device includes a topology manager recording connectivity changes of the intrusion prevention systems and accordingly adjusting the shared hash algorithm for the recorded connectivity changes. Using the shared hash algorithm and routing information, a hash value is assigned to received strings. Strings are forwarded an intrusion prevention system based on assigned hash value and processed using stored session state information within the local session state data store and the network session state data store.