Please tell me how your WAN is set up.
1. One CARP VIP for IPv4 without explicit IP addresses set on the WAN interfaces.
2. One CARP VIP for IPv4 and two additional IPv4 addresses set on the backup and master OPNsense WAN interfaces.
If it's 1, that behavior is expected.
It kinda sounds like there is some sort of routing issue. Do the CARP VIP and the interface IPs have the right subnet? So for example, if all of them are in a /28 net, both WAN interfaces and the CARP VIP should have /28. Also, have you made sure there is no IP collision (or, if it's a VM, a MAC collision <- very hard to find) in that network with another device maybe?
The firewall shouldn't NAT itself since it has the public IP directly. Maybe it's a gateway problem. Check if there is a gateway for the passive firewall to push the packets to the Juniper. Maybe they turn off or dpinger is active or something like that. The OPNsense itself uses the gateway marked as default (active) in the GUI (Upstream Gateway). Check if both WAN interfaces actually have a gateway set or just the VIP does.
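
The subnet, address-collision and gateway checks suggested in the replies above, written out as an added example that is not part of the original thread. The helper name `check_carp_wan` is hypothetical and all addresses are constructed documentation-range values; it assumes you copy the WAN settings of both nodes in by hand.

```python
import ipaddress

def check_carp_wan(master, backup, vip, gateways):
    """Return a list of findings for one CARP WAN setup.

    master, backup, vip: 'address/prefix' strings as configured.
    gateways: {'master': ip-or-None, 'backup': ip-or-None}, the gateway
              set on each node's own WAN interface.
    """
    findings = []
    ifaces = {name: ipaddress.ip_interface(value) for name, value in
              (("master", master), ("backup", backup), ("vip", vip))}
    nets = {name: iface.network for name, iface in ifaces.items()}

    # Both WAN interfaces and the VIP should carry the same prefix
    # length and fall into the same network.
    if len({n.prefixlen for n in nets.values()}) > 1:
        detail = ", ".join(f"{k}=/{n.prefixlen}" for k, n in nets.items())
        findings.append(f"prefix length differs: {detail}")
    elif len(set(nets.values())) > 1:
        findings.append("addresses are not in the same network")

    # The same address configured twice is an IP collision.
    seen = {}
    for name, iface in ifaces.items():
        if iface.ip in seen:
            findings.append(f"{name} and {seen[iface.ip]} share {iface.ip}")
        seen[iface.ip] = name

    # Each node needs its own gateway, inside its WAN subnet, so the
    # passive firewall can still reach the upstream router.
    for node in ("master", "backup"):
        gw = gateways.get(node)
        if gw is None:
            findings.append(f"{node}: no gateway set on WAN interface")
        elif ipaddress.ip_address(gw) not in nets[node]:
            findings.append(f"{node}: gateway {gw} is outside {nets[node]}")
    return findings

if __name__ == "__main__":
    # Constructed sample: backup has the wrong prefix and no gateway.
    for line in check_carp_wan("203.0.113.2/28", "203.0.113.3/24",
                               "203.0.113.4/28",
                               {"master": "203.0.113.1", "backup": None}):
        print(line)
```

This only checks the configured values against each other; a collision with another device on the segment, or a MAC collision between VMs, still has to be found on the network itself.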