2006-06-11
phatgreenbuds
Re: VPN-1 Edge managed by centralised management

I am currently managing 200+ of these little boxes with another 200 on their way out to the field soon. We have worked pretty extensively with the developers to work out many of the issues we encountered as we deployed the first 200.

"ON NGX Mgmt: Mgmt communicates to Edge device on the internal Interface.
There is a stand alone Firewall used to monitor the communication between Mgmt and VPN edge. -"


This statement is pretty confusing... I first assume that in your management station you have defined the edge with the same internal IP as you have in the internal interface and you can route to it with no issues. If you are routing to it through the external interface then yes, you will see some issues like you are seeing here (not sure I understand the point of having the stand alone firewall in the middle of this other than a point of confusion for your network). We found that when managing the edge via the private interface we often could not connect to the service center. This was due to the edge being defined by its private address but the manager was seeing it as a box with the public address. The workaround for this was to define it in the manager as a dynamic address and after that it worked fine. If you have the backend connectivity to the manager from the edge then this is not your problem. So really what we need here is a better understanding of your topology.