Filter setup plan
Here is the basic layout that will run our connection in the fall. It could be good to show at staff training.
On the left side of the firewalls is one subnet, 10.4.0.0/24. On the right side is another, 10.5.0.0/24. These will be real live IPs when we are in bond hall. The routers serve as a gateway on each end. Each firewall has an IP on each of the two subnets here, so firewall A has an interface with the IP 10.4.0.17 and one with 10.5.0.17. These IPs don't serve much purpose. Each firewall is then also configured with the virtual IP of the gateway for each subnet. The gateway of the 10.4.0.0/24 network is 10.4.0.12, etc. The firewalls decide who will act as the master for the gateway IP using the CARP protocol from OpenBSD. This page has good examples of the power of CARP.
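As an added example (not our actual configuration), this is how firewall A's side of the layout above could be written on OpenBSD. The interface names em0/em1, the vhid numbers, the advskew values and every <...> placeholder are assumptions that are not part of the plan above.

```conf
# Added example for firewall A. Assumed: em0 faces 10.4.0.0/24 and
# em1 faces 10.5.0.0/24. Each section below is a separate file.

# /etc/hostname.em0 : firewall A's own address on the left subnet
inet 10.4.0.17 255.255.255.0

# /etc/hostname.em1 : firewall A's own address on the right subnet
inet 10.5.0.17 255.255.255.0

# /etc/hostname.carp0 : shared gateway IP for 10.4.0.0/24
# "pass" authenticates CARP advertisements, so a host that does not know
# the passphrase cannot join the group and claim the gateway address.
# advskew 0 makes this box the preferred master; the other firewall uses
# the same line with a higher advskew (for example 100).
inet 10.4.0.12 255.255.255.0 10.4.0.255 vhid 1 carpdev em0 pass <CARP_PASSPHRASE_LEFT> advskew 0

# /etc/hostname.carp1 : shared gateway IP for 10.5.0.0/24
# The gateway address of this subnet is not listed above, hence the placeholder.
inet <RIGHT_GATEWAY_IP> 255.255.255.0 10.5.0.255 vhid 2 carpdev em1 pass <CARP_PASSPHRASE_RIGHT> advskew 0

# /etc/sysctl.conf
# Let the firewall with the lower advskew take the master role back, and
# fail both carp interfaces over together if one physical link goes down.
net.inet.carp.preempt=1

# /etc/pf.conf
# CARP advertisements must be allowed between the firewalls on both
# subnets, otherwise each firewall believes it is the only master.
pass quick on { em0 em1 } proto carp
```

Running `ifconfig carp0` on each firewall shows whether it currently holds the gateway address as MASTER or is standing by as BACKUP.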
