What is stateful failover?

When Stateful Failover is enabled, the active unit continually passes per-connection state information to the standby unit. After a failover occurs, the same connection information is available at the new active unit. Supported end-user applications are not required to reconnect to keep the same communication session.

Core issue

How many interfaces are required to implement LAN-based failover and stateful failover on the PIX?

Resolution

One dedicated interface is required; two dedicated interfaces are recommended.

Stateful failover requires that a dedicated interface be used as the stateful failover interface. This interface must be as fast as (or faster than) the fastest interface in the PIX. For example, if the PIX has a Gigabit Ethernet interface, than the stateful failover interface must also be a Gigabit interface.

LAN-based failover also requires an interface to send the PIX's status to the failover PIX and to synchronize the configurations. While the LAN-based failover interface is not required to be a dedicated interface, it is recommended that a dedicated interface be used to ensure that communications are transferred between PIXes in a timely fashion. If the PIX is not passing too much traffic (or not too busy), then the LAN failover interface may share the same interface as the stateful failover interface.

For more details refer How    Failover Works on the Cisco Secure PIX Firewall.