This is better trace. As suspected, there are missing ports from your ACP
which are not allowed and falling in default action. Sample below.

Review MS documentation to ensure all required ports are allowed.

10.100.20.55-53796 > 10.100.5.74-62003 6 AS 1-1 I 5 match rule order
52, 'Default Action', action Block
10.100.20.55-53796 > 10.100.5.74-62003 6 AS 1-1 I 5 MidRecovery data
sent for rule id: 268435577,rule_action:4, rev id:1052613730,
rule_match flag:0x0
10.100.20.55-53796 > 10.100.5.74-62003 6 AS 1-1 I 5 HitCount data sent
for rule id: 268435577,
10.100.20.55-53796 > 10.100.5.74-62003 6 AS 1-1 I 5 deny action
10.100.20.55-53796 - 10.100.5.74-62003 6 AS 1-1 CID 0 Firewall: block
rule, 'Default Action', drop
10.100.20.55-53796 - 10.100.5.74-62003 6 AS 1-1 CID 0 Snort: processed
decoder alerts or actions queue, drop
10.100.20.55-53796 > 10.100.5.74-62003 6 AS 1-1 I 5 Deleting session
10.100.20.55-53796 > 10.100.5.74-62003 6 AS 1-1 I 5 deleting firewall
session flags = 0x0, fwFlags = 0x1000, session->logFlags = 0ec4008c0
10.100.20.55-53796 - 10.100.5.74-62003 6 AS 1-1 CID 0 Snort id 5, NAP
id 2, IPS id 0, Verdict BLACKLIST
10.100.20.55-53796 - 10.100.5.74-62003 6 AS 1-1 CID 0 ===> Blocked by Firewall


**** please remember to rate useful posts