if you can do a quick test on a different switch, that would at least rule that out as your issue. if not, try disabling STP and retest
That was my guess, using a trunk to link the vlan to an edge switch not affected by stp, and connecting the firewalls there. This way, the 5300xl won't have to detect which port is connected to the gateway (the 5300xl is a routing switch for the lan) Will try it during the weekend... Sebastien
