I'm not 100% sure of your diagram (does the presence of two externals - "Ext" and "External" mean there are two Firewalls here?), but it would suggest that there may well be a routing issue, but not necessarily with McAfee Firewall.
- Does the source host have an explicit route or default gateway that would route traffic for the destination network via the internal IP address of the 1st Firewall?
- Does that first Firewall have an explicit route or default gateway that would route traffic for the destination network via the internal IP address of the McAfee Firewall?
- If the traffic passing through the 1st Firewall is not having source NAT applied (retaining the original source IP address), is there a static route present on the McAfee Firewall that would route traffic for the source host's subnet back via the "external" address of the 1st Firewall?
If any one of the above questions is answered "no", and assuming there is an appropriate SSH rule allowing this traffic to pass through each Firewall, then this is why the connection attempt is failing.
You were spot on, it was a routing issue with the switch. It has no route back to the McAfee firewall.
I added the route to the switch and all worked fine.
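
The route checklist and the missing return route on the switch, modelled as an added example (not part of either post): it walks a packet hop by hop using longest-prefix match in both directions. All device names, addresses, and the position of the switch behind the McAfee Firewall are constructed assumptions, and no source NAT is applied.

```python
import ipaddress

def next_hop(table, dst):
    """Longest-prefix match: next hop for dst, or None when no route exists."""
    dst = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), hop) for p, hop in table.items()]
    matches = [(n, hop) for n, hop in nets if dst in n]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace(tables, start, dst, max_hops=16):
    """Follow routes device to device; return (path, delivered)."""
    path, node = [start], start
    for _ in range(max_hops):
        hop = next_hop(tables[node], dst)
        if hop is None:
            return path, False      # packet dropped here: no route
        if hop == "connected":
            return path, True       # destination subnet is directly attached
        path.append(hop)
        node = hop
    return path, False              # routing loop

def build_tables(switch_has_return_route):
    """Constructed topology: host - fw1 - mcafee - switch - server."""
    tables = {
        "host":   {"10.1.1.0/24": "connected", "0.0.0.0/0": "fw1"},
        "fw1":    {"10.1.1.0/24": "connected", "172.16.0.0/30": "connected",
                   "192.168.60.0/24": "mcafee"},
        "mcafee": {"172.16.0.0/30": "connected", "192.168.50.0/24": "connected",
                   "192.168.60.0/24": "switch", "10.1.1.0/24": "fw1"},
        "switch": {"192.168.50.0/24": "connected", "192.168.60.0/24": "connected"},
        "server": {"192.168.60.0/24": "connected", "0.0.0.0/0": "switch"},
    }
    if switch_has_return_route:
        tables["switch"]["10.1.1.0/24"] = "mcafee"   # the route that was added
    return tables

def check_both_ways(tables, src_dev, src_ip, dst_dev, dst_ip):
    """SSH needs both directions: request path and reply path."""
    return trace(tables, src_dev, dst_ip), trace(tables, dst_dev, src_ip)

if __name__ == "__main__":
    for fixed in (False, True):
        fwd, ret = check_both_ways(build_tables(fixed), "host", "10.1.1.10",
                                   "server", "192.168.60.20")
        print("return route on switch:", fixed, "| forward:", fwd, "| return:", ret)
```

The forward path succeeds in both cases; only the reply path shows where the packet is dropped, which is why the failure looks like a firewall block from the source host.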