Channel: All ScreenOS Firewalls (NOT SRX) posts

Re: Routing to trusted subnet


The issue is probably because of asymmetrical routing. The SSG firewall wants to see the full bidirectional flow of the traffic.

The outbound traffic goes to the SSG because it is the default gateway. It forwards to the other router and off to the client.

The reply packet comes back from the router directly to the client, skipping the SSG, because the client is in the same subnet as the egress interface on the router.

Without seeing the replies, the SSG fails to form a session and drops traffic.

One solution is to move the router connection out of this interface onto an independent routed link. This forces both paths through the SSG and the session will be valid.

Another option is to add source NAT to the policy for traffic going to this subnet. Since the source address gets a NAT to the SSG interface, the reply packet will come back to the SSG and match the session.
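The second fix described in the reply, written out as a ScreenOS CLI fragment. This is an added example, not configuration from the original post; the interface names, zone, address book entry name, policy ID and all IP addresses are placeholders chosen for illustration and must be replaced with the values from the real deployment.

```screenos
# Assumed topology (placeholders): SSG interface ethernet0/2 (192.168.1.1/24) is
# the clients' default gateway; a second router at 192.168.1.254 on the same
# subnet fronts the remote network 10.20.30.0/24.

# Route the remote subnet via the second router on the shared interface.
set route 10.20.30.0/24 interface ethernet0/2 gateway 192.168.1.254

# Address book entry for the remote subnet (name is a placeholder).
set address "Trust" "Remote-Subnet" 10.20.30.0 255.255.255.0

# Intra-zone blocking makes the SSG evaluate trust-to-trust policies at all;
# without it, traffic inside the zone is forwarded without a policy lookup.
set zone "Trust" block

# Policy-based source NAT: "nat src" with no DIP pool translates the source
# address to the egress interface IP (192.168.1.1). The router now sees the
# SSG as the source, so the reply returns to the SSG and matches the session
# instead of going straight to the client.
set policy id 20 from "Trust" to "Trust" "Any" "Remote-Subnet" "ANY" nat src permit log

# Verification: after a client sends traffic, the session table should show
# the translated source on the xlate side of the entry.
get session dst-ip 10.20.30.1
```

The `log` keyword is optional but makes it straightforward to confirm that sessions are now completing rather than being dropped for lack of a matching reply. If the first option (a dedicated routed link for the router) is chosen instead, the `nat src` and `set zone "Trust" block` lines are unnecessary and the static route simply points out the new interface.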

 

