I've got my XG v17 beta1 firewall set up using ESXi 6.5. It's set up as a bridge with port 1 in the WAN zone and port 2 in the LAN zone. No AV or IPS services are enabled. I can ping the bridge's IP address from both ports. I've disabled routing on the bridge and disabled NAT on all firewall rules. Other than the default rules added during setup, I've added a 3rd rule, WAN to LAN, which allows traffic from the WAN zone to the LAN zone.
According to the log viewer, broadcast and multicast traffic on multiple VLANs can pass between the ports on the bridge using my WAN to LAN rule. If I disable the rule I've added, no traffic can pass between the interfaces.
Policy test shows that traffic originating in the LAN zone does not hit a firewall rule and is therefore dropped. The default rule added during setup specifically allows LAN zone traffic to pass to the WAN zone. The firewall page shows that the traffic counters are incrementing, but nothing loads.
With regard to ESXi, I did have to enable 'forged transmits' on the vSwitch connected to port 1 in order to ping on the WAN port.
I'm not sure if it's a bug, but it certainly didn't work right out of the box for me. Therefore, I thought I should report it.
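Added example (editor's code, not the poster's setup or anything from Sophos or VMware): the vSwitch security policy a bridging VM needs on ESXi, as esxcli commands plus a small checker for the output of `policy security get`. Besides forged transmits, a VM that bridges two ports normally also needs promiscuous mode enabled, because the bridge has to receive frames addressed to hosts on the far side, not just to its own vNIC MAC; MAC address changes are usually enabled alongside. The vSwitch names vSwitch1 (port 1, WAN) and vSwitch2 (port 2, LAN) are assumptions, and the sample `get` output in the test is constructed.

```shell
#!/bin/sh
# Added example: ESXi standard vSwitch security policy for a VM that bridges
# two interfaces. Assumed names: vSwitch1 (WAN side) and vSwitch2 (LAN side).

# Build the esxcli command that enables all three settings a bridging VM needs:
# promiscuous mode (receive frames for MACs other than the vNIC's own),
# forged transmits (send frames with other source MACs) and MAC address changes.
security_set_cmd() {
    printf 'esxcli network vswitch standard policy security set --vswitch-name=%s --allow-promiscuous=true --allow-forged-transmits=true --allow-mac-change=true\n' "$1"
}

# Build the matching command that prints the current policy of a vSwitch.
security_get_cmd() {
    printf 'esxcli network vswitch standard policy security get --vswitch-name=%s\n' "$1"
}

# Read the output of "policy security get" on stdin and list any of the three
# settings still "false". Prints "ok" and returns 0 when the vSwitch is ready
# for bridging; otherwise prints the disabled settings and returns 1.
check_policy() {
    missing=""
    while IFS= read -r line; do
        case "$line" in
            *"Allow Promiscuous: false"*)        missing="$missing promiscuous" ;;
            *"Allow Forged Transmits: false"*)   missing="$missing forged-transmits" ;;
            *"Allow MAC Address Change: false"*) missing="$missing mac-change" ;;
        esac
    done
    if [ -n "$missing" ]; then
        echo "still disabled:$missing"
        return 1
    fi
    echo "ok"
    return 0
}

# On a real ESXi host, apply the policy to each named vSwitch and verify it;
# anywhere else (no esxcli available) just print the commands to run.
apply_policy() {
    for vs in "$@"; do
        if command -v esxcli >/dev/null 2>&1; then
            eval "$(security_set_cmd "$vs")"
            eval "$(security_get_cmd "$vs")" | check_policy || return 1
        else
            security_set_cmd "$vs"
            security_get_cmd "$vs"
        fi
    done
}

# Usage on the host: sh vswitch-bridge-policy.sh apply
if [ "${1:-}" = "apply" ]; then
    apply_policy vSwitch1 vSwitch2
fi
```

Setting the policy at the vSwitch level covers every port group on it; if only the WAN and LAN port groups should be relaxed, use `esxcli network vswitch standard portgroup policy security set --portgroup-name=...` with the same three flags and keep the vSwitch default at `false`.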