Is this normally required for internal traffic ?

This is strange?

How is the XG deployed? In bridge or routing mode?

This is strange?

How is the XG deployed? In bridge or routing mode?

Routing, I would say.

Unless I did something very stupid, but routing was the planned mode.

If you have two Interfaces, both on LAN, you need a firewall Rule to allow traffic between both interfaces.

XG is a "Default Drop" Firewall.

If traffic tries to flow between two interfaces (no matter which zone), this traffic gets dropped, without an explicit firewall rule. 

Yep, servers on one interface, computers on the other.

Thank you.

Is there a smarter rule you might suggest ? Or mine is just fine ?

Your firewall rule simplifies the ruleset.

If you want to be more specific, go a head. You can define per Firewall Rule, which IPS Pattern should be loaded and applied.