HA passive link state configuration unavailable in 10.0 VM-series Active/Passive firewalls
Created On 08/16/21 23:16 PM - Last Modified 10/18/25 03:13 AM
Symptom
- HA passive link state configuration is unavailable in 10.0 VM-series firewalls deployed on public clouds.
Environment
- VM-Series firewalls deployed in public cloud environments
- PAN-OS 10.0 or above
- High Availability (HA) Active/Passive
Cause
- The option was removed to streamline configuration in PAN-OS 10.0 on VM-Series firewalls deployed in public cloud environments, because interfaces on the passive firewall do not forward traffic.
- Public cloud environments do not provide "True L2" network capabilities, which means the physical link state of passive interfaces is irrelevant in these deployments.
- The virtual network interfaces are handled by the hypervisor or cloud platform, and the Passive Link State setting does not provide the same failover benefits as it would in hardware appliances.
Resolution
- In PAN-OS 10.0, the passive link state on VM-Series firewalls deployed in public clouds can only be shutdown, which is the default.
- If link state was set to auto on those firewalls in PAN-OS 9.1 or earlier, that configuration must be removed after upgrading to 10.0 to avoid a commit failure:
> configure
# delete deviceconfig high-availability group mode active-passive
# set deviceconfig high-availability group mode active-passive
# commit
Additional Information
- 9.1: link state options are available, even though the net result is the same (shutdown), because passive firewall dataplane interfaces do not forward packets.
- Option removed in 10.0
- In private cloud environments (e.g., ESXi), the "Passive Link State" option may still be available and configurable.
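A pre-upgrade check for the condition described under Resolution, as an added example that is not part of the original article or Palo Alto Networks tooling: it scans an exported configuration XML for a passive link state of auto. The element path follows the CLI hierarchy shown above; the leaf name `passive-link-state`, the export layout, and the sample configuration are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Path taken from the CLI hierarchy in the Resolution; the leaf name
# "passive-link-state" and the export layout are assumptions.
AP_PATH = "deviceconfig/high-availability/group/mode/active-passive"

# Constructed sample export (not from a real device).
SAMPLE_CONFIG = """<config>
  <devices>
    <entry name="localhost.localdomain">
      <deviceconfig>
        <high-availability>
          <group>
            <mode>
              <active-passive>
                <passive-link-state>auto</passive-link-state>
              </active-passive>
            </mode>
          </group>
        </high-availability>
      </deviceconfig>
    </entry>
  </devices>
</config>"""


def check_passive_link_state(config_xml):
    """Return (device, value, needs_cleanup) for each device entry."""
    root = ET.fromstring(config_xml)
    results = []
    for entry in root.findall("./devices/entry"):
        ap = entry.find(AP_PATH)
        if ap is None:
            continue  # HA active/passive is not configured on this entry
        node = ap.find("passive-link-state")
        value = node.text.strip() if node is not None and node.text else None
        # An absent setting means the default (shutdown); only "auto" must go.
        results.append((entry.get("name"), value, value == "auto"))
    return results


if __name__ == "__main__":
    for name, value, cleanup in check_passive_link_state(SAMPLE_CONFIG):
        action = "remove before committing on 10.0" if cleanup else "no action"
        print(f"{name}: passive-link-state={value or 'not set'} -> {action}")
```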