HSM
configurations are not synchronized between high availability (HA)
firewall peers. Consequently, you must configure the HSM separately
on each peer. In active/passive HA configurations, you must
manually perform one failover to individually
configure and authenticate each HA peer to the HSM. After this initial
manual failover, user interaction is not required for failover to function properly.