Not sure about this, so maybe someone else can correct me if I'm wrong.
port 514 is probably syslog (shell on tcp, syslog on udp, more likely syslog coming from a router). The router is probably set up to send its log files to your firewall server. If you want the firewall server to receive the router's logs, have the port open and set it up as a logging server; otherwise disable the logging on the router and close the port on the firewall.
Port 520 is RIP,a routing protocol. This is the sort of thing routers send out in case your firewall is also a router. If it isn't, I don't think there's any problem closing the firewall port.