High Availability (HA) pair does not synchronize, even though the software, threat, app and URL databases are all on the same version.
Cause
The certificate does not transfer automatically from one device to the other, which prevents the devices from synchronizing.
Resolution
If you have an SSL VPN certificate, make sure that you have one applied on both devices. The certificate used for the devices should have the same options selected, particularly if it is for the secure web GUI option.
Note: If the same certificate is downloaded but the options do not match, the imported certificate will be deleted on the passive device once the synchronization is initiated and will cause the sync to fail.