I was trying to find out why every day I get a CARP failover and finally figured out that it happens right after Suricata rules are download and suricata (Promiscuous-Mode) is restarted (stopped part of it specifically I think). The firewalls failover to the secondary and then not back again. This happens on the two OPNsense 20.7.7_1-amd64 cluster systems that I have installed on hardware platforms (dell).
Suricata is in IPS Mode