Few other changes to make to add a bit of extra security to the firewall. 


Where :

• mode single: prevents you from running systems in virtual mode, and having more then one fw in the chassis.
  
• no service password-recovery: makes it so that when you do a password recovery, it automatically blows away the current running config.  (so that no one else gets to see what it is.)