in case of the vlan tags you wouldn't necessarily need to create subinterfaces, enabling vln tags in the vwire should be enough
also: did this issue start occurring immediately after introducing the vwire and did you wait long enough for it to correct itself?
when introducing a vwire, any existing sessions will be blocked as there was never a handshake seen by the firewall and so no session was created to allow the traffic to pass through. eventually all sessions should gracefully reestablish but some applications may take a long time to 'autocorrect'
you could try disabling non-syn drop mechanism for a while:
> set session tcp-reject-non-syn no
dont leave this setting disabled for too long, just long enough for sessions to reestablish and you are satisfied everything works, then turn it back on again
> set session tcp-reject-non-syn yes
... View more