I have 2 7201 routers, which have connectivity with various ISPs.
The first router has connectivity with ISP A and ISP B1, and router B has connectivity with ISP B2, which acts as backup for ISP B1 on router A.
These routers have BGP configured.
By default, we only route from router A (it has HSRP configured on the inside interface).
If ISP B1 goes down, depending on the destination AS, router A routes to ISP A or reroutes to ISP B2 (router B).
Only if router A crashes is all traffic routed to router B (ISP B2) by means of HSRP.
I have applied ACLs on the WAN interface (outside), but sometimes we originate some traffic from the inside interface (LAN).
To solve this issue, I use classic ip inspect.
If ISP B1 or router A goes down, inspected traffic is dropped because router B does not have any list of the packets inspected by router A, and the ACL on ISP B2 denies the traffic.
I read about Firewall Stateful Failover, but I think I must not configure it, because sometimes traffic can be routed through both routers at the same time, and Stateful Failover is designed for an active/backup scenario.
How could I configure Stateful Failover? Must I change BGP route policy?