I am going to be doing a very significant number of config changes to a production Pix 525. This includes removing entire access lists, some objects, shutting down some unused interfaces, adding some new object groups, removing some access list entries in rules etc. Essentially - is a major spring clean. Im debating whether to just totally erase the existing config and tftp the new one straight in - or edit the current one bit by bit to get it how I want it. My instinct is just to erase - and load new config. This feels the cleaneset least risky option (obviously I will back up configs). The Pix can have some downtime as is part of a failover pair. So - what is the intelligence here -? do the mods via one clean hit - or carefully modify the exisiting config "piecemeal fashion"?
By the way the current config is 20 pages long. My mods reduce this to 12. Thanks in adavance