Currently I could find no articles on the preferred method for Whitelisting a PCI ASV Scanner on the XG Firewall, given the number of businesses that are PCI compliant I would think there would be a general tutorial that outlines how to add the scanners IP's, where to place them in the firewall rules and how other rules and or aspects may also affect the outcome.
I should add that you need to create a new firewall rule for the scanners IP addresses or FQDN, disable all security measures and place it at the top of the rule list.
If you do not do this scanners may flag you for firewall interference, see https://www.tenable.com/plugins/nessus/96281 once this was flagged Tenable would not pass the PCI attestation.
Respectfully,
Badrobot