In Cisco doc (ID 77809), PIX/ASA: Active/Standby Failover Configuration Example, LAN-Based Active/Standby Failover Config, it states that: "Instead of using a crossover Ethernet cable to directly link the units, Cisco recommends that you use a dedicated switch between the primary and secondary units".
Can anyone please let me know more about the reasoning behind it?
Also, what if we do not use a "dedicated switch" and instead use a VLAN in a switch for this purpose? The config looks like: primary ASA <--> primary switch <--> secondary switch <--> secondary ASA.
These two switches are distribution switches.
Can you see any problem?
Each interface should connect to a switch port so that the link status is always up to one firewall interface if the other firewall interface fails. Otherwise, both units sense a link-down condition and assume that their own interfaces have a failure. You don't need a dedicated switch; you can use your distribution switches.