Firewalls, PIX, ASA, VPN, Access Control List, User Authentication, Data Encryption and Best Practices.
for my one of the setup i have two pix 535 configured in active -standby mode .i want to insert the interface card on both of the firewalll without disturbing any services or rather you can say zero downtime
but acoording to the documents i suspect i could acheive it .
help me how can i acheive the above
i am thinking first i will change interface card on standby then i will go with active but the problem i suspect after finishing addition of the card card in standby the failover should have issue as the number of the interfaces could not match on both firewall .so i also suspect i can make the standby to be active forcefully
pls suggest how should i go
As you already guessed this is not possible.
Pls. refer the above link. Failover will disable itself when one unit has extra module that the other one doesn .
Best option is to reload both of them at the same time or shut the sec/standby down, get the card in and get it ready. Then shut the pri/active unit down and fireup the sec/standby unit so it will come up sec/act. Then put the card back in the pri/act unit and fire it back up and it will come up as pri/standby.
You will definitely have a min. of 10-15 min. downtime until the unit reboots.