New Cluster configuration

There is good reason to tap both inside and outside of a firewall, but only if you are tapping both sides of a firewall. Doing this on both sides of a router is a giant waste of time. That way you can see what actually got out, and not just what got to the firewall but not out. At my old job this is what we did, however we weren’t natting everything (except ipv6, which did ipv4 translation, and had its own challenges).