The device certificate process checks in regularly to automatically keep the certificate up to date and to make sure it isn't revoked. The error that you are getting can be caused by a few different things actually. I would verify that your firewall is actually getting to the URL properly according to your logs and verify that a client behind the firewall can reach that URL.
Be aware that the website will give you a certificate error and will prompt you for a client certificate. As long as you can get that prompt your firewall should be able to access the website without issue. The firewall trusts the website and presents the device certificate to authenticate to the site, so as long as your device certificate is valid you should be all set.