I would recommend you to make the changes to the existing setup during the MW because any change will disrupt the VPN.
Based on your answers I would suggest you to raise a JTAC case as this will require some real time troubleshooting on the FW .
Regards,
Rishi