Hi,
The config looks OK, ACL 9 should be hit before 6 and 7.
Can you collect a flow debug on HQ box while attempting the internal ping?
clear db
unset ff (repeat till you see a message - Invalid ID)
set ff src-ip <laptop ip> dst-ip 192.168.230.1
set ff src-ip 192.168.230.1 dst-ip <laptop ip>
debug flow basic
<<Run the ping test>>
undebug all
get db st
The last command will print the debug trace, please share it.