I was afraid you would say that, then why isn't my nat working posted below pertinent config  odd thing is i dont see anything in fw logs

interface Ethernet0/0.299
description ### APP ZONE 2 TEMPLATE ###
vlan 299
nameif DMZ-299
security-level 0
ip address 10.2.99.250 255.255.255.0 standby 10.2.99.253
!
interface Ethernet0/2.399
description ### APP ZONE 3 TEMPLATE ###
vlan 399
nameif DMZ-399
security-level 100
ip address 10.3.99.254 255.255.255.0 standby 10.3.99.253
!
static (DMZ-299,DMZ-399) 10.3.99.10 10.2.99.60 netmask 255.255.255.255
access-group DMZ-299_access_in in interface DMZ-299
access-list DMZ-299_access_in extended permit ip any any

sho xlate
1 in use, 2 most used
Global 10.3.99.10 Local 10.2.99.60

Hi,

Global 10.3.99.10 Local 10.2.99.60

you already have a NAT  translation for the addresses you are trying to do static NAT.

Can you do a sh run nat and sh run global.

static (DMZ-299,DMZ-399) 10.3.99.10 10.2.99.60 netmask 255.255.255.255

DMZ-299 has security level lower than DMZ-399 and usually static NAT is for natting high to low which is reverse of what you are doing  here.

Regards.

Alain.

your right, I don't usually use the gui, and my nat statement was backwards.

changed it to

static(dmz-399,dmz-299) 10.2.99.60 10.3.99.10 ...

worked fine.