I am working on a VPN issue with AWS using openwan. Our Palo is configured right but this is what I get back from their side. Has anyone ever seen a similar issue with Palo? I do not believe this is a Palo issue.
We noticed that when using N subnets, (N-1)/N of the traffic is dropped.
For example, when I try a single subnet (either 10.6.67.157/32 or 10.15.57.0/24), no traffic drop at all. When I try two subnets together, I noticed 50% of the ping got no reply.
When I try three subnets (10.6.67.157/32, 10.15.57.0/25, 10.15.57.128/25), I noticed more than 50% but less than 100% drops.
My solution is using a single big subnet, 10.6.0.0/12, which contains both 10.6.67.157/32 and 10.15.57.0/24, and the network becomes stable, i.e. no more packet drops.
Note that 10.6.0.0/12 is a super big subnet. We avoid IP conflicts by doing routing for 10.6.67.157/32 and 10.15.57.0/24 only, instead of routing the whole 10.6.0.0/12.
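The single-supernet workaround described in the post, as an added example that is not part of the original post: it computes the smallest CIDR block covering the routed prefixes and lists which other networks fall inside that block without being routed, which is the IP-conflict concern the post raises. The function names and the `OTHER_NETS` entries are constructed for illustration.

```python
import ipaddress

def covering_supernet(cidrs):
    """Smallest single IPv4 CIDR block that contains every prefix in cidrs."""
    nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # Bits shared by the lowest and highest address form the common prefix.
    prefix_len = 32 - (lo ^ hi).bit_length()
    host_bits = 32 - prefix_len
    return ipaddress.IPv4Network(((lo >> host_bits) << host_bits, prefix_len))

def unrouted_overlaps(selector, routed, other_nets):
    """Networks that overlap the selector but are not inside a routed prefix."""
    sel = ipaddress.ip_network(str(selector), strict=False)
    routed_nets = [ipaddress.ip_network(r, strict=False) for r in routed]
    hits = []
    for o in other_nets:
        net = ipaddress.ip_network(o, strict=False)
        if net.overlaps(sel) and not any(net.subnet_of(r) for r in routed_nets):
            hits.append(str(net))
    return hits

ROUTED = ["10.6.67.157/32", "10.15.57.0/24"]  # prefixes from the post
# Constructed sample of other networks to check against the wide selector.
OTHER_NETS = ["10.8.0.0/16", "10.20.0.0/16", "192.168.1.0/24"]

if __name__ == "__main__":
    sel = covering_supernet(ROUTED)
    print("covering block:", sel, "addresses:", sel.num_addresses)
    print("10.6.0.0/12 normalises to:",
          ipaddress.ip_network("10.6.0.0/12", strict=False))
    print("overlapping but unrouted:",
          unrouted_overlaps(sel, ROUTED, OTHER_NETS))
```

10.6.0.0/12 has host bits set; its canonical form is 10.0.0.0/12, which spans 10.0.0.0 through 10.15.255.255.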