Just as a reference, things I usually point out to people in cases like this
-always check monitoring blade, if its enabled
-if monitoring blade is not enabled, see if any report can be generated (though you may need to have smart event enabled for that)
-in some cases, compliance blade may also help, though that needs additional license applied to the management server
-commands such as fw ctl multik print_heavy_conn or cpview (just tab between different fields) can also be useful
-cpstat command can also give some insight, when you run it, it gives all the options/ So say you could run cpstat fw -f all, you run command from 2nd row and then -f and flag from last column in the table (its very useful)
Hope that helps.
Have a nice weekend!
Andy
