Why Panorama pushed configuration is not synchronized between HA pair of firewalls?
Symptom
Resolution
If you push the configurations from the Panorama appliance only to the active node,
then the same changes will not be there on the passive unit.
>request high-availability sync-to-remote running-config
Even the above command will not make the Panorama pushed config on the active node get synchronized with the passive.
However, the configs show synchronized under the high availability widget.
For example, if we change anything on the firewall (for example, add a loopback) that was getting synced with the passive unit but not the Panorama pushed appliance...
This is expected behavior since the config sync is only for the running config (which means all the locally configured changes ) and not for the configuration pushed from Panorama.
So we have to push the configurations from the Panorama applicance to both devices in order to make the configurations the same on both units.