Hi egawd
Glad that you got it working.
W.r.t the logging of failed attempts, unfortunately policy logging will only capture initiation and closure of established sessions. One way to identify traffic denied by policy on the Firewall is to set up a default deny policy at the end of the policy stack and enable logging on that (not advisable if you have a lot of traffic, might drive CPU high). But in your case you have a allow all policy. You wouldnt really be having failed attempts.
Now moving to capturing failed attempts on NAT Translations.
Again a failure to translate is basically a failure to create a matching rule for the traffic. If traffic matches a rule it will get NATted, unless ofcource we run out of port allocations.
Regards,
Anand