Hi, config will auto sync after HA is established

Direct is most ideal(ie. I can't think of why we'd want to introduce a switch unless it's necessary such as if both firewalls are physically located further from each other) . A switch can be used too though (just gotta make sure the frames get forwarded by the switch).

aggregate interface is not a requirement. I'd say call into TAC for troubleshooting assistance.

The first minute and a half of the video covers this, just try to relate it to IPsec to answer your question. So for IPsec, both firewalls have the identical configuration for each VPN, the passive firewall will only actually use its config (and the IPs bound to the physical interfaces that the IPsec interface is associated with) when a failover event occurs. The purpose of HA is to essentially have a carbon copy of the exact same firewall config, there isn't extra logic/behavior on the passive firewall for different features(there are some exceptions to this)

The reason i ask is realted to IPSEC Tunnels

Yes fg2 will change its external ip to be the same one as fg1. Although fg2 won't actually 'claim' the fg1 ip from a networking perspective until fg1 goes down

Here's a link on what appears to be the topology you are trying to setup: docs.fortinet.com/document/fortiswitch/7.0.8/devices-managed-by-fortios/801190/ha-mode-fortigate-units-managing-a-stack-of-several-fortiswitch-units

Yes no config needed on fg2, just need to be able to access it so even pub ip not actually needed

How so? Let me know if you have a question so I can help answer it. Using my example, the switch could be a dumb switch, it's purpose is to place both fortigate interfaces on the same broadcast domain and to facilitate GARP updates