Transport encryption of synced IPsec states can be configured using the config> redundancy>multi-chassis>peer>sync>transport-encryption>application ipsec command, with the ipsec parameter as the keychain name. This causes the system to encrypt the IPsec states during transportation between the active and standby.
The key used to encrypt states is specified by the referenced keychain, which is defined in the config>system>security>keychain context. The keychain provides the user the ability to gracefully enable or disable encryption or change the key.