I am upgrading a single ASA firewall to a dual-ASA firewall. The deployment to consider is active/passive with state failover.
My question is regarding the sync flows between the 2 ASA firewalls. In my understanding, there are 2 ways to protect these flows: failover password or IPSec tunnel for failover.
Question: Is there any way we can use certificates (from my company's CA) for the primary ASA to authenticate the secondary ASA and encrypt replication flows between both of them?
That's because I think that password protection is weak, and an IPSec tunnel seems to me difficult for our network operators to troubleshoot.
Thank you so much for your quick answers and feedback :)