I would like to fail over my public ip addresses between firewalls if one fails. Clustering currently support VPN but if it moves the ip addresses in the group is that all that is needed. Or should I use VRRP? The problem I see with VRRP is that the messages are sent on the public interface so my VRRP info would be exposed. Any guidance would be appreciated. Thank you.