I have installed two ISA server 2006 both, in a domain environment, and acting as firewall and CSS. I first faced a problem to join the second server to the array, tried to add it to the array members group but did not work. I could solve it only by using the fwengmon /allow fromto by opening the link between the two servers... and tadaaa it worked. unfortunalty if I reissue the fwengmon with "/noallow" the traffice between the two servers doesn't flow smoothly. I tried to trace it using the logging, and found that port 2173 is always blocked which is "replication between array members"
is there anything can be done to solve this problem. I am living with only one CSS now..
basically, you have to add both CSS's ip addresses to the "Replicate Configuration Storage servers" computer set in Enterprise -> enterprise policy -> toolbox->computer sets.
I recommend you to go for a private network between the two CSS's if they are local and add there IP addresses to the Replicate Configuration Storage servers.
if you don't succeed in getting them replicated, use the fwengmon tool to open the link between the CSSs and give them time to replicate. then close the connection again. you can download it for free from microsoft website.