I have a pair of Cisco ASA 5510 running in active/ standby configuration. We are changing the public address of our internet connection and therefore will need to make a number of changes to our security policy such as NAT rules Object IP addresses and Interface IP's.
I wanted to make the changes during the day and wondered if it i could complete the work as follows.
1 Take primary firewall offline so standby firewall becomes active.
2 Make changes to offline firewall and test.
3 out of hours switch off standby firewall and bring primary firewall back into the network.
4. Test new config on primary firewall.;
5 power up standby firewall and allow primary firewall to sync new config with secondary.
Will this work ok.