Understanding CARP dashboard / strange behaviour

[reunion974]

I just installed 2 OPNsense physical servers with HA.
As I have only 2 ethernet ports per server, I use multiple VLANS, including one dedicated to pfsync.
All the configuration seem ok, except some connexion problems when CARP swith to backup.

This morning I received messages from MONIT informing that the CARP backup -> master.

On the OPNSENSE Lobby:dashboard/CARP I heve this for the master :
CARP
 WAN@1      MASTER   192.168.42.250
 SRV@10      BACKUP   192.168.10.1
 IoT@20      BACKUP   192.168.20.1
 Management@40      BACKUP   192.168.40.1
 GUEST@30      BACKUP   192.168.30.1

And this on the slave:
CARP
 WAN@1      BACKUP   192.168.42.250
 SRV@10      MASTER   192.168.10.1
 IoT@20      MASTER   192.168.20.1
 Management@40      MASTER   192.168.40.1
 GUEST@30      MASTER   192.168.30.1

So it seems that the master firewall is acting as master on the WAN interface but as backup on the vlans on the LAN side, while the backup firewall is acting as backup on the WAN side but as master on the LAN side.

How is it possible? From what I understood, one physical firewall has to manage filtering rules, routing,... to do so it needs to have hand on both LAN and WAN. The firewall task can not be distributed over 2 physical servers, right?
So if I'm right, I should not have internet connexion, but as I'm writing this post the connexion is up!

Any help or explaination will be more than welcome !!!
Thanks a lot

EDIT: I found 2 other persons describing this issue. Unfortunately no answer.