Feedback on Dual Firewall Configuration with Cisco Catalyst 3850

Started by fakebizprez, August 18, 2024, 03:21:13 AM

Hi OPNsense Community,

I'm currently working on a network setup that involves a Cisco Catalyst 3850 switch and two OPNsense firewalls configured for redundancy. I'd love to get your thoughts and feedback on the configuration to ensure that I've set everything up correctly and optimally.

### Network Configuration Overview

- **Cisco Catalyst 3850**:
  - **VLAN1 (WAN)**: Connected to the Internet using an SFP module.
  - **VLAN2 (LAN)**: Internal network connection via a second SFP module.
  - **VLAN3**: Dedicated VLAN for communication between the switch and the OPNsense firewalls.
  - **VLAN4**: Routes traffic from the firewalls to the servers and other network devices.

- **OPNsense Firewalls**:
  - **Primary Firewall**: Connected to VLAN2, configured with CARP for failover, and synchronized with the backup firewall using pfSync.
  - **Backup Firewall**: Also connected to VLAN2, working in conjunction with the primary firewall using CARP and pfSync.

### Data Flow

1. **WAN Traffic**: Enters through VLAN1 on the Catalyst 3850.
2. **Firewall Processing**: Routed to VLAN2, where it's processed by the OPNsense firewalls.
   - CARP and pfSync are used to maintain redundancy and synchronization.
3. **Output to Network**: Processed traffic is returned to VLAN3 and then output through VLAN4 to the rest of the network.

Network diagram attached. I'm not sure how this would be configured using Proxmox. As of right now, the plan is to go bare metal until I feel confident enough to virtualize it.
Founder of a freight brokerage and software development company....aspiring sysadmin at heart.