My guess is asymmetric routing. Traffic from VLAN 68 is sent to the default gateway FW02, which forwards it to VLAN 40. The return traffic from VLAN 40 is then sent to its default gateway, FW01, and is blocked.
As a temporary workaround, you can disable the TCP SYN and sequence checks on both firewalls.
# set security flow tcp-session no-syn-check
# set security flow tcp-session no-sequence-check
These are global settings. You can override them for every policy where you want the check to be enabled by adding
#... then permit tcp-options syn-check-required
#... then permit tcp-options sequence-check-required
As a long-term solution, I would consider configuring these firewalls as a cluster.
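
The drop described in the reply above can be reproduced with a small model. This is an added example, not part of the original post and not Junos code. It assumes a simplified firewall that creates a TCP session only on a SYN unless the SYN check is disabled, uses constructed addresses, and models a cluster as a single shared session table.

```python
# Simplified model (an assumption, not Junos code): a firewall creates a TCP
# session only on a SYN unless syn_check is disabled, and forwards any packet
# that matches an existing session in either direction.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    flags: str  # "S" = SYN, "SA" = SYN-ACK, "A" = ACK

    def key(self):
        # Direction-independent session key.
        return frozenset({(self.src, self.sport), (self.dst, self.dport)})

@dataclass
class Firewall:
    name: str
    syn_check: bool = True
    sessions: set = field(default_factory=set)

    def forward(self, pkt):
        k = pkt.key()
        if k in self.sessions:
            return True
        if pkt.flags == "S" or not self.syn_check:
            self.sessions.add(k)  # new session (or mid-session pickup)
            return True
        return False  # non-SYN packet with no session state: dropped

def handshake(fw01, fw02):
    """VLAN 68 client routes via FW02; VLAN 40 server routes via FW01."""
    c, s = ("10.0.68.10", 40000), ("10.0.40.10", 443)  # constructed addresses
    path = [
        (fw02, Packet(c[0], s[0], c[1], s[1], "S")),   # client -> server
        (fw01, Packet(s[0], c[0], s[1], c[1], "SA")),  # server -> client
        (fw02, Packet(c[0], s[0], c[1], s[1], "A")),   # client -> server
    ]
    for fw, pkt in path:
        if not fw.forward(pkt):
            return f"dropped {pkt.flags} at {fw.name}"
    return "established"
```

With default settings the SYN-ACK is dropped at FW01, which never saw the SYN. Disabling the SYN check on both firewalls, or passing the same `Firewall` object for both arguments to stand in for a cluster, lets the handshake complete.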