In an active-passive high availability (HA) cluster, the passive device is observed forwarding traffic logs to Panorama, even though traffic does not pass through the passive device.
Cause
Due to high CPU utilization on the management plane and a high number of traffic logs, it is possible that the firewall is unable to send logs in real time. In such a scenario, there would be a gap between log received time and log generated time on Panorama.
If failover happens, the active device will become passive, but it will continue to send old logs to Panorama. The
transmission will stop when all logs between the firewall and Panorama are in sync.