if you reinstall your entire firewall host, your host key become changed.
If you than want to reinstall the the policy to that (new) firewall, you
can see in verbose mode, that there is a problem with the Host-Key. But
you don't get any chance to say, o.k. I know what I'm doing, please change
the cached host-key, because the key has changed and I know. You need to
change it in ssh manually. Why not an dialog like this one you get storing
the key for the first time?
With best regards