Disable configuration sync locally on BOTH firewalls (Device > High Availability)

Import the passive firewall with all VSYS. Import to shared where possible if you want to.

Commit to Panorama.

Push and Commit Bundle to device. This will push the device group but not the template.

Commit to Panorama.

Push to firewall. This will push out the template configuration but it will not override anything unless you force template values.

If you are active/passive, failover so the firewall you just made “Panorama controlled” is active and then repeat the steps above with the firewall that is considered normally “active”.

If you are active/active, you will need to delete all configuration under Policy and Objects on the local firewall just before you “Push and Commit Bundle to this second firewall. This will cause a traffic 'blip'.

Put both firewalls to use the same device group.

If apporpriate, set both firewalls to use the same template but you may need to edit the HA settings using variables.