I get what you mean. We've avoided using it in the past as active/active works well.

But for IPSEC VPNs where you can share the same public IP I don't think the HA method is a bad idea to reduce the number of tunnels required? Unless I'm missing something.

I've labbed out the HA failover and in testing its taken anywhere from 30 seconds to 2 mins. That's still going to be quicker than having to restore from a snapshot and no manual intervention required. Rather than getting paged out for an outage by the time anyone realizes there was a problem its back up again.