We have 4 x EC2 instances... 2 x are for VPN service.. This being one for site to site tunnels and the other for client access VPNs. The other two EC2 instances are for the production web app and the dev web app... Now.. We plan on replacing the two VPN EC2 instances with a single pfsense firewall. It will handle the routing, NAT'ing, site to site tunnels, and client access VPNs.. I'll end up with 3 x EC2 instances total. The pfsense firewall, production web app, and dev web app. Since the pfsense firewall will be handling the routing, site to site tunnels, NAT'ing, and client access VPNs I'll be obviously making changes to the current VPC. Am I better off creating a new VPN and moving these EC2 instances into it? Or.. Just modifying the existing VPC?