Passive device in an HA pair doesn't update and there is a mismatch status for the app and threat compatibility.
From the passive device:
> ping host updates.paloaltonetworks.com
> debug dataplane internal vif link
eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:1b:17:01:47:00 brd ff:ff:ff:ff:ff:ff RX: bytes packets errors dropped overrun mcast 12121844 100266 0 0 0 70484 TX: bytes packets errors dropped carrier collsns 5197283 13280 0 0 0 0