To achieve stateful failover, IPsec states are synced between chassis by using the MCS protocol.
Only SAs that were successfully created by a completed INITIAL EXCHANGES or CREATE_CHILD_SA exchange are synced.
Upon switchover, the new standby chassis reboots the tunnel-group.
The ESP sequence number is not synced except for the high 32 bits of extended sequence numbers.
The CLI configuration is not synced.
The time must be the same on both chassis (using NTP/SNTP to sync to the same server is an option).
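The following added example (not code from this product or its documentation) shows why the high 32 bits of an extended sequence number have to be carried over: ESP sends only the low 32 bits on the wire, the receiver infers the high half per RFC 4303 Appendix A2, and the integrity check covers all 64 bits. The key, SPI, window size, sequence values, the simplified ICV layout and the starting low-order value of 0 on the receiver are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

MOD = 1 << 32

def infer_seqh(th, tl, window, seql):
    """RFC 4303 Appendix A2: infer the high 32 bits of a received packet's ESN
    from the receiver's window top (th, tl) and the low 32 bits on the wire."""
    lower = (tl - window + 1) % MOD        # low bits of the window's bottom edge
    if tl >= window - 1:                   # case A: window lies in one 2^32 subspace
        return th if seql >= lower else (th + 1) % MOD
    # case B: window spans two subspaces
    return (th - 1) % MOD if seql >= lower else th

def icv(key, spi, seql, seqh, payload):
    """Simplified ESP integrity value: the high 32 bits are never transmitted
    but are appended to the authenticated data (HMAC-SHA-256-128 here)."""
    data = struct.pack("!II", spi, seql) + payload + struct.pack("!I", seqh)
    return hmac.new(key, data, hashlib.sha256).digest()[:16]

def accept(key, spi, th, tl, window, seql, payload, tag):
    """Receiver side: infer the high bits, then verify the ICV."""
    seqh = infer_seqh(th, tl, window, seql)
    return hmac.compare_digest(icv(key, spi, seql, seqh, payload), tag)

# Constructed sample values, not taken from any real SA.
KEY = b"k" * 32
SPI = 0x1000
WINDOW = 64
PEER_ESN = (3 << 32) | 0x80000000          # peer's 64-bit counter at switchover
PAYLOAD = b"constructed payload"

def peer_packet():
    """What the remote peer sends: low 32 bits plus an ICV over all 64 bits."""
    seql = PEER_ESN & 0xFFFFFFFF
    return seql, icv(KEY, SPI, seql, PEER_ESN >> 32, PAYLOAD)

def demo():
    seql, tag = peer_packet()
    # Assumption: the receiver restarts its low-order counter at 0.
    with_sync = accept(KEY, SPI, 3, 0, WINDOW, seql, PAYLOAD, tag)     # high bits known
    without_sync = accept(KEY, SPI, 0, 0, WINDOW, seql, PAYLOAD, tag)  # high bits lost
    return with_sync, without_sync

if __name__ == "__main__":
    print(demo())
```

The low 32 bits can be relearned from the first authenticated packet, but the high 32 bits cannot, because they appear only inside the ICV computation.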