In my lab, I have 2 Cisco SG350-10 switches connected to a Palo Alto 220 firewall. On my switches, I want to do layer 2 switching and routing on the firewall. Here is my setup:

SG350-10 switch #1

ports 1-3 VLAN2 set as access ports

ports 4-6 VLAN4 set as access ports

ports 7-8 VLAN5 set as access ports

port 9 set as trunk port connected to Palo Alto (tagging all VLAN's except VLAN1)

port 10 set as trunk port connected to Switch #2 (tagging all VLAN's except VLAN1)

SG350-10 switch #2

ports 1-3 VLAN2 set as access ports

ports 4-6 VLAN4 set as access ports

ports 7-8 VLAN5 set as access ports

port 9 set as trunk port - not used

port 10 set as trunk port connected to Switch #1 (tagging all VLAN's except VLAN1)

VLAN1 192.168.0.1/16

VLAN2 10.0.2.0/24 (Gateway .1)

VLAN4 10.0.4.0/24 (Gateway .1)

VLAN5 10.0.5.0/24 (Gateway .1)

In VLAN management>VLAN settings, I have the VLAN's created

In IP Configuration>IPv4 Interface I have the VLAN Interfaces created with the appropriate IP addresses and subnet masks.

PC #1 10.0.2.5/24

PC #2 10.0.4.5/24

PC #3 10.0.5.5/24

I have the interfaces set up in the Palo Alto 

I can connect each PC in the appropriate VLAN and ping the other by IP address. Even VLAN's between switches. The only thing I can't ping is the gateway (.1) on the firewall from any VLAN. Do I need to set up an IPv4 route to the firewall?

I am wondering if I am missing something in my switch setup. Any help would be appreciated since I am fairly new to this?