Currently my setup has our egress uplink connected directly to an external interface on a linux router/firewall/nat gateway. Since the linux box is a single point of failure, I've since setup two openbsd boxes using carp+pf+pfsync in order to gain some additional redundancy. the problem is, I only have one egress uplink (it's still a single point of failure) but need to get it to speak to the active carp node in my openbsd cluster which will server as my new router/firewall/nat cluster.

Is there anything specific I need to do on a 3560G in order for me to be able to:

1) Drop the egress uplink into a port 2) Drop one link from the switch to a firewall 2) Drop a second link from a switch to the firewall

This is so if one box dies, the other still has the egress link to the switch.

Is putting them into one VLAN enough? Anything else that needs to go into the configuration for this setup to work?