To enable you to view full traffic flows with either "debug flow basic" or "snoop" you need to create a policy that matches the traffic flow and disable hardware processing on it (it doesn't look like you can do this retrospectively to a policy):
ISG2000(M)-> set policy from untrust to trust host-a host-b icmp permit no-hw-sess
