It has been a few years since I added a second ASA to an active one that was not configured for failover. I forget the order to activate failover. I remember the first time doing this I goofed and the secondary unit, which had nothing but failover configured kept overwriting the primary unit.
So I have a 5510 with failover configured and it is enabled. Do I add in the second ASA by first enabling the management(failover) interface, verifying that it can ping the primary, keep all the other interfaces disabled and then commit the failover command? I already have the base failover configured, and there are certs on the primary that need to be pushed to the secondary. Once the primary finishes pushing the configuration to the standby, then enable the interfaces? Since the active unit is already enabled, I shouldn't see any downtime for this, or will I?
