The configuration seems to be fine on the FW. We need to first confirm if the traffic is being sent to the FW or not and also if it is sent then why it getting failed, Can you please collect the below debug logs for further troubleshooting :
Commands:
unset ff #-( run this till you see 'invalid id' output)
set ff src-ip X.X.X.X dst-ip <E0/0-IP>
set ff src-ip <E0/0-IP> dst-ip X.X.X.X
clear db
debug flow basic
# Initiate traffic
# press 'esc' key on keyboard to stop both debug
get db st #--(will provide you the output)
Also collect the "get tech" and attach it.
Regards,
Rishi
JTAC