Without seeing a packet capture showing the context in which the firewall dropped the RST-ACK it is not possible to determine why it was dropped. Please provide a capture as well as the actual drop log card for this.
It is also possible that you are running afoul of the IPS Core Activation "Spoofed Reset", is that signature enabled in your environment?
Also any chance that there is a duplicate IP address assigned for the client? Is the RST-ACK packet coming from the same Layer 2 MAC address involved with the successful connection packets?
Attend my online "Be your Own TAC: Part Deux" CheckMates event
March 27th with sessions for both the EMEA and Americas time zones