I ran the debug flow basic as detailed in the article. I did find some issues with bad cached routes, which I was able to disable for the time being, and a poorly-thought-out policy that I removed while I get this sorted.
I'm attaching a snipped from the debug stream in a text document. It says that it's not matching any policies, but the policies it says don't match definitely exist.
zone 1 is Untrust
zone 2 is Trust
A policy does exist from Untrust to Trust; from Any to x.x.2.1 HTTPS;
policy search from zone 1-> zone 2
policy_flow_search policy search nat_crt from zone 1-> zone 2
RPC Mapping Table search returned 0 matched service(s) for (vsys Root, ip x.x.2.1, port 443, proto 6)