Hey @Seshu, thanks for the response! That's what I suspected, but the clarity definitely helps.
Fortunately it looks like it was getting blocked by IPS/IDS and was overlooked in Security Center. Shows that the Datto Appliance is being treated as an SSH_EVENT_RESPOVERFLOW threat, and looks like there are others with MX appliances that are facing the same issue. Whitelisting allowed the appliance to successfully offsite.
I'm assuming there is also no way for you to whitelist a Rule ID to a certain scope devices?
Not sure if it's a bug with the MX firmware, or if a specific version of SSH/SFTP software on the appliance is causing the MX falsely claim it as a threat.