Software image not being synchronized to HA peer

• On active firewall, a new software image is downloaded and synchronized to its HA pair.
• This image is not seen on the the passive firewall.
• Manually uploading the software image display an error message indicating the image already exists.

• Supported PAN-OS
• High Availability (HA) Active/Passive deployment
• The management interface has filtered access to the Internet
• A service route for "Dynamic Updates" is set to use a dataplane interface

• The firewall needs to refresh the image list from Internet to display the software list.
• Management interface of Passive firewall is not connected to internet and so the image cannot be refreshed using the management port.
• The list can also not be refreshed using dataplane ports as they are not active on the passive firewall.

1. Use the management interface in active/passive mode as it is the only interface usable on the passive firewall.
2. Perform a failover so the passive firewall is elected to active and can refresh the software list. 

• The software image is visible.

admin@PA-VM(active)> request system software check 

Version               Size          Released on Downloaded
-------------------------------------------------------------------------
10.2.1               522MB  2022/04/18 13:11:04         no
10.2.0              1010MB  2022/02/27 19:32:20         no
10.1.7               461MB  2022/09/12 14:40:59         no
10.1.6-h6            459MB  2022/08/09 15:48:38        yes
10.1.6-h3            459MB  2022/06/21 08:11:09         no

* truncated *

• The software upgrade can be done manually.

admin@PA-VM(active)> request system software install version 10.1.6-h6
Executing this command will install a new version of software. It will not take effect until system is restarted. Do you want to continue? (y or n)