10-27-2011 08:39 AM - last edited on 10-27-2011 09:20 AM
I'm in the process of deploying Steelhead 1050Ls in my home office and at two field sites, all of which will be running the McAfee Firewall Enterprise RSPs. In each case I'll be deploying the Steelheads with In Path Redundancy in a Master and Backup configuration.
Everything I've read up to this point tells me that the Steelheads expect to have the chained In Path interfaces sitting on the same subnet. The problem I'm foreseeing is that the MFE firewall RSP modifies that behavior. The external virtual interface of the MFE is on a different subnet than the internal virtual interfaces. If the Master is on the LAN side and the RSP is running on the Master Steelhead, then the Backup Steelhead won't be able to communicate with the Master and will try to take over. If the Master is on the WAN side, then the Backup will be able to communicate with the Master and can see if the Master fails, but then when it brings the RSP online, the Master won't be able to see the Backup when it comes back up and can't signal that it is online.
It should be noted that I have multiple internal networks that connect through the firewall to a single WAN connection at all sites.
I've attached a diagram that I hope shows my thinking up to this point. If I'm going about this the wrong way please let me know.
Is there any way to configure the Steelheads to do their online/offline checks over the aux interface maybe?
Thanks