This is for multi context, both firewall are at active status. NOT FOR active/standby mode
When running in Active/Active failover, a unit may receive a return packet for a connection that originated through its peer unit. Because the security appliance that receives the packet does not have any connection information for the packet, the packet is dropped. This most commonly occurs when the
two security appliances in an Active/Active failover pair are connected to different service providers and the outbound connection does not use a NAT address.