Routing VPC to VPC traffic through an on-prem firewall via Transit Gateway

A customer is trying to setup VPC to VPC routing through their on-prem firewall over TGW. The desired behavior is that traffic from VPC-A will route through the on-prem firewall to get to VPC-B. With the current setup, the traffic routes from VPC-A to VPC-B without making it to the on-prem firewall. When we perform a traceroute, the 2nd hop in the path is a 169.254.x.x address, which I believe may be the DXGW or something similar. I can replicate the same behavior If I have a 0.0.0.0 route defined to a nat gateway as well, but in that case the 2nd hop is the nat gateway address. The customer POC setup is as follows:

VPC-A - 10.0.0.0/24
VPC-B - 10.0.1.0/24
DXGW connected to DX via TVIF

VPC-A-Route-Table Routes
10.0.0.0/24, local
0.0.0.0, TGW

VPC-B-Route-Table Routes
10.0.1.0/24, local
0.0.0.0, TGW

TGW -VPC-Traffic route table
associations:
VPC-A
VPC-B

Propagations:
DXGW

Routes:
On-Prem routes, propagated
0.0.0.0/0, DXGW attachment, static

TGW - On-prem traffic route table Associations:
DXGW

Propagations:
VPC-A
VPC-B

Routes:
10.0.0.0/24
10.0.1.0/24

I believe we are missing an explicit route to tell traffic to use the on-prem firewall for routing of VPC to VPC traffic, but I am not exactly sure of the best place to configure that in this scenario.