Error message "forwarded-only unexpected here" during commit to Firewall from Panorama

• Unable to commit changes on a Firewall when pushed from Panorama.
• In a HA Setup, the HA sync also indicates failure.
• Forwarded-only option is unchecked under decryption Profile GUI: Objects  > Decryption > Decryption-profile>  Enable Forwarded Only.
• "forwarded-only unexpected here" message is seen during commit,

Details:
Validation Error:
profiles -> decryption -> SSL Inbound Profile -> forwarded-only unexpected here
profiles -> decryption is invalid
Commit failed

• Panorama managed Firewalls (Non VM based)
• Supported PAN-OS
• SSL Decryption

• The error message is displayed because the firewall to which the configuration is pushed has no decryption mirroring license.
• By default, the option "Forwarded Only" option is checked.
• When this option is checked (default) the commit is successful on the firewall even without a decryption mirroring license.
• The reason is that when the default options are pushed from Panorama, it does not check the firewall for decryption mirroring feature as it knows it is disabled.
• When the "Forwarded Only" option is unchecked then the license on Firewall is checked causing the commit to fail when the firewall has no decryption mirroring license.

1. Enable the "Forwarded Only" option on Panorama.
2. This is done under the Device group,  GUI: Objects >Decryption>Decryption-profile>  "check" the Forwarded Only box
3. Commit the changes on Panorama and push the changes to Firewalls.