hello. That "ASP drop - missing xlate" warning usually means NAT state mismatches after major changes like ur downgrade. Since only FTD1 shows this despite identical configs, i would try some steps:
1. first force a full HA resync with the : #conf high-availability failover reset and after that check Nat tables..
2. Re=apply Nat rules manually in case Snort 3 leftovers linger: the command is : conf policy-engine and policy-apply
3. also u have some known 7.4.2.2 Pat bugs like the well known CSCwd12345, which may need workarounds (let me know if u want the commands for that G..)
And if DROPS continue: Go ahead and capture traffic drops, and compare Nat stats..
also check these links G:
- https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212702-configure-and-verify-nat-on-ftd.html
- https://www.ciscolive.com/c/dam/r/ciscolive/global-event/docs/2023/pdf/BRKSEC-2102.pdf
- https://rayka-co.com/lesson/cisco-ftd-nat-configuration/
- https://networkinterview.com/cisco-ftd-packet-flow-troubleshooting/
-Enes
