With HA override disabled, the cluster applies these criteria, in order, when first electing a master:
1. Health of monitored links (none are monitored by default)
2. Uptime (differences of less than 300 seconds or 5 minutes by default are ignored)
3. Priority (default is 128)
4. Serial number as a tiebreaker (the highest wins)
With override enabled, priority is checked before uptime:
1. Health of monitored links
2. Priority
3. Uptime
4. Serial number
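The two orderings can be modelled as a pairwise comparison. This is an added example, not vendor code. It assumes that with override enabled priority is compared before uptime, that serial numbers compare as plain strings, and it uses constructed serial numbers.

```python
from dataclasses import dataclass
from functools import reduce

UPTIME_MARGIN = 300  # seconds; smaller uptime differences are ignored (default)

@dataclass(frozen=True)
class Unit:
    serial: str            # constructed placeholder serials below
    failed_links: int = 0  # monitored links currently down (none monitored by default)
    uptime: int = 0        # seconds
    priority: int = 128    # default priority

# Each criterion returns >0 if a wins, <0 if b wins, 0 for a tie.
def by_links(a, b):
    return b.failed_links - a.failed_links  # fewer failed monitored links wins

def by_uptime(a, b):
    diff = a.uptime - b.uptime
    return diff if abs(diff) >= UPTIME_MARGIN else 0

def by_priority(a, b):
    return a.priority - b.priority  # higher priority wins

def by_serial(a, b):
    return (a.serial > b.serial) - (a.serial < b.serial)  # highest serial wins

def prefer(a, b, override=False):
    """Return whichever of two units wins the master election."""
    if override:
        order = [by_links, by_priority, by_uptime, by_serial]
    else:
        order = [by_links, by_uptime, by_priority, by_serial]
    for criterion in order:
        result = criterion(a, b)
        if result:
            return a if result > 0 else b
    return a  # identical on every criterion

def elect(units, override=False):
    """Pairwise tournament over the cluster members."""
    return reduce(lambda x, y: prefer(x, y, override), units)

# Constructed sample cluster members.
OLD_LOW = Unit("FGT-EXAMPLE-0001", uptime=90000, priority=100)
NEW_HIGH = Unit("FGT-EXAMPLE-0002", uptime=1200, priority=200)
PEER = Unit("FGT-EXAMPLE-0003", uptime=90100, priority=100)
BAD_LINK = Unit("FGT-EXAMPLE-0004", failed_links=1, uptime=99999, priority=255)
```

With override disabled the long-running unit keeps the master role; with override enabled the higher-priority unit takes it even though it booted recently, which is why enabling override can trigger an extra failover when that unit rejoins.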
In Active-Passive, the master handles all traffic and, optionally, synchronizes its configuration and its routing, session, and DHCP lease tables with the slave(s). In Active-Active, UTM proxied sessions are load-balanced (others can be as well, but not by default). However, proxied sessions do NOT fail over. It's important to remember that.
A good rule of thumb, which sounds very Orwellian, is "master always in, slave sometimes out". The master always receives every packet inbound to the cluster, regardless of whether the session has been offloaded to the slave. If the slave unit(s) are processing the UTM session, the outbound packets depart from the slave directly.