Am I correct in assuming that if Switch 1 were to go down, Firewall 1 would detect a dead connection and demote itself, and so Firewall 2 would take over?
Thanks Patrick and mimugmail. I think there may be a misunderstanding about my question. I am asking about the configuration on the switch. I had thought that the switch (or in my case switches in MLAG) should have no bonding between the ports that connect from the switch to the firewalls because I was under the impression that when a new CARP group master takes over it issues a Gratuitous ARP (GARP).
This would mean that, in principle, the switch should see the GARP and update its MAC address table. However, this does not seem to be working - hence my question. For me, when the CARP master changes, traffic gets dropped.