global-protect-gateway tunnel interface (tunnel.1) in vsys (vsys1) parsing failed
In this example, the GlobalProtect certificate is selected to also be the WebGUI certificate.
To verify this, go inside of the WebGUI, Device > Certificate Management > Certificates and click on the certificate name (GlobalProtect in this example), and you will see that "Certificate for Secure Web GUI" is selected.
To resolve this error, remove the check for "Certificate for Secure Web GUI" from the GlobalProtect Certificate, then Commit the changes.
The HA will now Sync properly.
If you need to use a SSL certificate for the WebGUI(Secure Web GUI), you will need to create and use a separate certificate for the WebGUI.