Stephan A. Rickauer wrote:
One can use 'carppeer' to not send multicast but unicast. However, I was under the impression one still needs to do peering on the same link as the carp interfaces sit.
Yes, because if you send carp messages on another (dedicated) link and the link to the external/internal network goes down, carp messages will still reach the backup firewall. So, it won't become master.