Re: HA cluster A/P WAN failover
I'm not quite sure what you're asking. I assume that's why you have two WAN connections, yes, in case one of them fails. And the reason you have two FGTs is in case one of *them* fails. Since you have both, you could now have 1 of each fail and still have no impact to service. Anytime you throw HA firewalls in place you need to make sure each one has the same connectivity to all networks or it's not really HA and it won't work.
Now you'll need to consider the impact of the failure of one of your VSF switches as well, or that becomes a single point of failure. Most likely you'd do 1 WAN to each switch and then make both connections (to FGT1 and FGT2) from that same switch. So the WAN connected to each switch becomes reliant on that switch, and if say switch A fails at the same time that WAN B fails, you're SOL because working WAN A can't talk to either FGT although both FGTs can talk to broken WAN B. There's always some combination that can break things, but you can think through the different scenarios and consider what's more likely under your circumstances (unreliable ISP, old gear, etc).
Hope that helps! - Daniel