If the switch is sending an ARP for the firewall's IP (I presume that's what you mean by 'layer 2 signal') and the firewall is not responding to the ARP, then the switch cannot send a 'layer 3 signal' as you said, because it does not have the firewall's MAC address to forward the packet to (since it did not receive an ARP response from the firewall).
You should call into Support and do a remote session so we can see what's going on.
I work with agarg. What we have is a McAfee Enterprise Firewall configured by a third party. We have been working to clean it up over time.
There is another 3rd party (should I call this a 4th party?) on the external interface of the McAfee.
This external entity has a Cisco L3 switch setup.
We are directly plugged into the Cisco Switch with the McAfee's External Interface.
The Cisco Switch gets no responses to any L2 requests sent from it.
So the Cisco Switch needs a Static L3 Route to the McAfee for every address on the McAfee.
We are trying to get it to play nice with the Cisco Switch (out of our control), so that the Cisco switch actually receives the MAC/Address reply. Right now the McAfee does nothing, and it does not seem to be a firewall rule blocking it.
What are some features/services to check on the McAfee to start with?
We researched this and got many articles about configuring the other end, not the McAfee end. I also saw one article that said it will not do multicast on the external connection at all, which seems sketchy.
It is an HA pair.
No load sharing, just failover.
I will ask the guys on that end if the Cisco Switch is configured for LACP.
I tried to capture any specific traffic sourced from the switch: subnet, multicast, broadcast, anything L2-ish coming into the McAfee from the switch.
But I have seen no traffic for the past few hours.
So I may have to ask if they are still configured for it. I hoped it would still be in place for our testing.