I use CSM to manage muliple FWSM contexts (both transparent and routed) in Failover mode.
Recently I moved a few contexts from group 1 to group 2. You need to have both context groups active on the same device. That makes sense.
After the migration (active-active again), I verified reachability (connectivity check) of all contexts, and they all passed.
When I push a change to a FW in group 2, I get a warning: "changes on the standby unit are not replicated to the primary"
It appears CSM is still managing group2 members through the admin context.
I searched a bit deeper, and found I formot to add an management IP address to the contexts of group 2 (they can be found in the system context tree, under 'security contexts'.
I've added the IP-address, but when I save that page, I get another warning:
"There are contexts assigned to both group 1 and 2. Make sure both groups are in the same state (active or standby)"
I do not see why this is neccessary. All I've changed is the way CSM accesses the contexts. No changes are made in the FWs themselves.
Can anyone enlighten me?