My configuration is simple and testing has gone well.... I started off with a Class map that only matched on an access list. After successful testing I added a subordinate class map for protocol matching. If appears to be working but the statistics do not show what I expect.
In the attachment you will see the configuration and the output of the "show policy-map type inspect zone-pair inout session" command.
Although it is working I expected to see hits against the protocols I am inspecting. In this case a ping to an outside server should have hits against the ICMP protocol. Same thing it I do an HTTP session - it works but no hits. In reading through the documentation I have configured it correctly, but am I missing something.
BTW - 881 Version 12.4.20T1