Internal Router (Cisco ISR1K) to Firewalla Gold
I would like to use a Cisco ISR1K as an internal router. The ISR would then have a default route that would send packets destined for the Internet to the Firewalla. However, I can't seem to get this working and was wondering if it was supported.
For example, on the ISR, I have two internal VLANs, 10 & 20. VLAN 10 is 192.168.10.x/24 and VLAN 20 is 192.168.20.x/24. I have VLAN 5 (192.168.5.x) between the ISR and Firewalla. The ISR has a trunk link to the Firewalla (not a routed port, using the SVIs instead) and is passing all VLANs (I assumed a routed port would not work).
Even though the ISR is the default gateway for the clients, I did configure the same VLANs on the Firewalla, including NAT'ing for each VLAN.
I can ping the Firewalla's VLAN 5 interface from a client on VLAN 10, so I know the packets are at least making it to the Firewalla and back. However, if I try to ping an internet address like 8.8.8.8, then I don't get any response.
Anyway, if you have any ideas as to how I can use the Cisco router as an internal router and then just forward packets destined for the Internet to the Firewalla, let me know, even if it requires some Linux configuration. I would like to keep the Firewalla in Routed mode to take advantage of all the features; I just don't want it performing the routing between internal subnets.