
setup for a public /24 network: msg#00017

security.firewalls.pfsense.user

Subject: setup for a public /24 network


I've got a /24 network (public IP addresses) which I'd like to
firewall with pfSense. I would like to give the firewall(s) a public
IP as well, for administration. (I also have a private 10.0.0.x
network (each machine has 2 NICs) over a different smart switch
which is connected to the main switch which I mention just for
the sake of completeness, because it shouldn't interfere with
this setup).

I would like to use a smart switch's VLAN feature to be able to
patch things around (such as bypassing the firewall altogether,
or switch to a standby firewall in case of the primary's failure) without
being physically present at the location. The switch already
has a public IP for administration, so presumably I can't lock
myself out, other than by doing dumb things, like disabling the
switch port to the gateway, or similar.

So far, I've only used pfSense for NATed setups with one
public IP address for WAN and the usual private networks for
LAN. So I presume I would need to choose
"static IP" in General configuration, and put my, let's
say 1.2.3.0/24 as WAN IP address (network), and 1.2.3.1 as my gateway.
But how do I choose the IP for the firewall's administrative
interface itself? Perhaps that's the wrong approach.
Do I need WAN/LAN bridging? Something else?

--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

Attachment: signature.asc
Description: Digital signature
