HA Active / Passive firewall Non Functional reason "State synchronization mismatch".
Created On 01/11/23 00:01 AM - Last Modified 08/13/25 17:55 PM
Symptom
When the firewalls are put into HA mode, one firewall is Active but the peer is in the Non Functional state with the reason "State synchronization mismatch". There is no option for config sync.
Environment
Firewalls in an HA A/P enabled state.
Cause
Under Device > High Availability > HA Communications > Data Links (HA2), "Enable Session Synchronization" is unchecked.
(Note: Do not rely on the overview screen as this information could be misleading. Click on the edit setting gear and verify the checkbox is checked.)
Resolution
Click the edit settings gear under Device > High Availability > HA Communications > Data Links (HA2), then check the box for Enable Session Synchronization.
Additional Information
- The following errors are observed when attempting a config sync via the CLI:
> request high-availability sync-to-remote running-config
Executing this command will overwrite the candidate configuration on the peer and trigger a commit on the peer. Do you want to continue? (y or n)
Server error : Failed to synchronize running configuration with HA peer; operation not allowed: Peer disconnected with commit

> request high-availability sync-to-remote running-config
Executing this command will overwrite the candidate configuration on the peer and trigger a commit on the peer. Do you want to continue? (y or n)
Server error : Failed to synchronize running configuration with HA peer; operation not allowed: Compatibility mismatch
- To check the "Enable Session Synchronization" state from the CLI, use:
PA-FW (non-functional) > configure
PA-FW (non-functional) # show deviceconfig high-availability group state-synchronization
state-synchronization {
enabled yes;
}
[edit]
- To disable state synchronization from the CLI, use:
> configure
# set deviceconfig high-availability group state-synchronization enabled no
# commit
Ensure that state-synchronization is either enabled on both firewalls in the HA pair or disabled on both.
- If the transport port of HA2 is configured to be different from the default, ensure that it matches on both HA peers. A mismatch in the HA2 port also triggers the "State synchronization mismatch" non-functional state.
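
One way to check the "both peers must match" requirement above is to save the output of "show deviceconfig high-availability group state-synchronization" from each firewall and compare it offline. The script below is an added example, not vendor code: it flattens the brace-style output shown earlier and reports every setting that differs, and it generalizes to any keys that appear in that stanza. The sample outputs and the names PEER_A, PEER_B, parse_config and ha_mismatches are constructed for illustration.

```python
# Constructed sample output of
# "show deviceconfig high-availability group state-synchronization"
# saved from each peer (illustrative values, not from a real device).
PEER_A = """\
state-synchronization {
  enabled yes;
}
[edit]
"""
PEER_B = """\
state-synchronization {
  enabled no;
}
[edit]
"""

def parse_config(text):
    """Flatten brace-style config output into {"block.key": "value"}."""
    path, leaves = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("["):   # skip blanks and "[edit]"
            continue
        if line.endswith("{"):                  # open a nested block
            path.append(line[:-1].strip())
        elif line == "}":                       # close the current block
            if not path:
                raise ValueError("unbalanced '}' in config output")
            path.pop()
        elif line.endswith(";"):                # leaf: "key value;" or "key;"
            key, _, value = line[:-1].strip().partition(" ")
            leaves[".".join(path + [key])] = value.strip()
        else:
            raise ValueError(f"unrecognized line: {raw!r}")
    if path:
        raise ValueError("unclosed block: " + ".".join(path))
    return leaves

def ha_mismatches(peer_a, peer_b):
    """Return {setting: (value_on_a, value_on_b)} for every differing leaf."""
    a, b = parse_config(peer_a), parse_config(peer_b)
    return {k: (a.get(k), b.get(k))
            for k in sorted(a.keys() | b.keys()) if a.get(k) != b.get(k)}

if __name__ == "__main__":
    for setting, (va, vb) in ha_mismatches(PEER_A, PEER_B).items():
        print(f"MISMATCH {setting}: peer A={va!r} peer B={vb!r}")
```

A setting present on only one peer is reported with None for the other side, which catches a non-default value configured on a single firewall.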