Apologies for the delayed response.
It's inbound antispoofing that's dropping the traffic, on the external interface of the gateway. Host 172.16.100.109 is the OM IP, 172.16.200.222 is the internal host.
The traffic that is being dropped by AS is replies to traffic originating from inside. If I do a unsolicited connection from the OM IP to inside, it works fine.
Below is one of the AS logs:
Interface Direction: inbound
Interface Name: eth7
Id Generated By Indexer: false
Source Port: 4899
Destination Port: 53637
IP Protocol: 6
Message Information: Address spoofing
Session ID: 0
Destination Machine Name:172.16.200.222
Policy Date: 2020-05-18T07:12:00Z
Product Family: Access
Description: TCP/53637 Traffic Dropped from xxxx (172.16.100.109) to xxxx (172.16.200.222)