I have to do a password recovery on a PIX 515E. I have the instructions and don't see any issues, except that this pix is part of a Lan-based fail-over pair. I was hoping someone could proof my idea of how to do this with the least amount of pain. No users will be on when I do this, so I will (should) have a quiet network...but also no immediate feedback on success.

here's what I'm thinking I should do:

1) Connect console to the secondary so I can watch system messages

2) power down and disconnect the primary pix (disconnect both the failover cable and the ethernet 0 and 1 cables)

3) Run the PW recovery on the primary, reset the passwords, write the config

4) Reconnect the cables to the primary, but don't turn it on

5) Power down the active secondary and disconnect the cables

6) Power up the primary and make sure it comes up and starts passing traffic (although failover won't work...)

7)Once the primary is up and happy, reset the passwords on the secondary and write the config

8) Reconnect the secondary, power it up, and watch for failover to sync.

Am I leaving anything major out?