Hi!
1. If you can see log entries but nothing appears in the debug output, this means, that the flow filter is configured incorrectly. The debug and snoop are the only tools that enable the capture of the packets that are dropped before a policy is applied or of those, dropped with the default policy. Such packets are not logged but can be captured by debug or snoop.
I would recommend to enable logging on the session start. If you see no session start log entries while pinging an internal host from the client, this might mean that:
a. No packets reach the FW (a client problem).
b. The packets reach the FW but cannot be routed (drop-before-the-policy).
c. No matching policy is found (drop per default policy).
To log the case c. you can configure a global policy with source and destination zones "Global", source and destination objects "Any", service "Any", action "Drop" and logging on the session start.
2. I am even more confused. ScreenOS does not support any kind of load balancing excepting Equal Cost Multipath Routing but it's usability is limited and depends substantially on the surrounding infrastructure.
Kind regards,
Edouard