Hi everyone

There are one cisco router, one cisco switch and checkpoint cluster in my infrastructure. Cisco router and cisco switch already established ospf neighborship and now I'm trying to establish ospf between between Catalyst 3650 and HA-Cluster R77.30. And it is not working.

Debug information
1. Catalyst sends hello to Cluster
14:40:52.400: OSPF: Send hello to 224.0.0.5 area 0 on Vlan201 from 172.16.1.9
14:41:01.645: OSPF: Send hello to 224.0.0.5 area 0 on Vlan201 from 172.16.1.9
2. Cluster receives it:
[Expert@FIREWALL-1:0]# tcpdump -i eth7.201 ip proto ospf
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth7.201, link-type EN10MB (Ethernet), capture size 96 bytes
17:31:58.572861 IP 172.16.1.9 > ospf-all.mcast.net: OSPFv2, Hello, length: 56
17:32:07.999643 IP 172.16.1.9 > ospf-all.mcast.net: OSPFv2, Hello, length: 56
3. But cluster drops this packets
Log Server Origin: 192.168.10.204
Time: 2017-07-26T14:52:54Z
Interface Direction: inbound
Interface Name: eth7.201
Id Generated By Indexer:false
First: true
Sequencenum: 2147483647
Source Zone: Internal
Rule UID: 145130C7-F7D3-4628-B3EA-13B005CFA621
Source: 172.16.1.9
Destination: 224.0.0.5
IP Protocol: 89
Access Rule Name: CLEAN-UP
Access Rule Number: 21
Action: Drop
Type: Log
Policy Management: MANAGEMENT-1
Blade: Firewall
Origin: FIREWALL-1
Service: 89
Product Family: Access
Layer Name: Firewall_layer
Interface: eth7.201
Description: ospf Traffic Dropped from 172.16.1.9 to 224.0.0.5

4. However I have rule for allow ospf traffic with number 4 (which is upper than 21)
SRC: Catalyst, Cluster
DST: multicast 224.0.0.5, 224.0.0.6, 224.0.0.1, Cluster
Service: OSPF, IGMP
Action: Accept

Could somebody give any help? Trying to make it works more than two days.

Alexander