Here's a collection on "RED with bridging", kept up2date as this thread moves along:
1) When bridging a "redsX" interface with another LAN/WAN port on the ASG, keep in mind that packet filter rules still apply for traffic passing the bridge.
2) We discovered a bug that removes ipsec interface and standard routes from the system when a bridge is added or removed. This is a one-shot problem only, so you can fix it by restarting MDW ("/etc/init.d/mdw restart") or rebooting after adding or removing a bridge.
3) Special case for DHCP:
If devices behind the bridge must pull IP addresses via DHCP from a server in the LAN, you must explicitly allow DHCP traffic to pass the bridge. The easiest way is to create a rule "Any->DHCP->Any->Allow", where "DHCP" is a service definition using protocol "UDP", source port range "67:68" and destination port range "67:68".
4) If RED and LAN are bridged, and you want to allow stuff between these "segments" (which are actually the same segment), without allowing stuff for WAN traffic, you can create a new "Any" (Network 0.0.0.0/0) definition which is bound to the bridge interface. Call it "Any_Br_Internal" for example. Then use this with "allow" rules like:
Any_Br_Internal->HTTP->Any_Br_Internal
Or if you just want to allow everything internally (RED<->LAN):
Any_Br_Internal->Any->Any_Br_Internal
This will restrict allowed traffic to packets traversing the bridge.
/tom
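The rules from points 1, 3 and 4 above, as an added example that is not part of the original post and not ASG code: a simplified first-match packet filter model with a default drop. It assumes a definition bound to an interface matches only packets entering (as source) or leaving (as destination) through that interface; the interface names "br0" and "eth1" and all sample packets are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Net:                      # network definition; iface "" means not bound
    cidr: str
    iface: str = ""

@dataclass(frozen=True)
class Service:                  # protocol plus inclusive port ranges
    proto: str = "any"
    sport: tuple = (0, 65535)
    dport: tuple = (0, 65535)

@dataclass(frozen=True)
class Packet:
    in_if: str
    out_if: str
    src: str
    dst: str
    proto: str
    sport: int
    dport: int

def net_match(net, addr, iface):
    # Assumption: a bound definition only matches on its own interface.
    if net.iface and net.iface != iface:
        return False
    return ip_address(addr) in ip_network(net.cidr)

def svc_match(svc, p):
    return (svc.proto in ("any", p.proto)
            and svc.sport[0] <= p.sport <= svc.sport[1]
            and svc.dport[0] <= p.dport <= svc.dport[1])

def verdict(rules, p):
    # First matching (source, service, destination) rule allows; else drop.
    for src, svc, dst in rules:
        if (net_match(src, p.src, p.in_if) and svc_match(svc, p)
                and net_match(dst, p.dst, p.out_if)):
            return "allow"
    return "drop"

ANY = Net("0.0.0.0/0")
ANY_BR_INTERNAL = Net("0.0.0.0/0", iface="br0")        # point 4
DHCP = Service("udp", (67, 68), (67, 68))              # point 3
RULES_DHCP_ONLY = [(ANY, DHCP, ANY)]
RULES_INTERNAL = [(ANY_BR_INTERNAL, Service(), ANY_BR_INTERNAL)]
# Constructed sample packets: both bridge members appear as "br0".
DHCP_DISCOVER = Packet("br0", "br0", "0.0.0.0", "255.255.255.255", "udp", 68, 67)
LAN_TO_RED = Packet("br0", "br0", "192.168.1.10", "192.168.1.20", "tcp", 40000, 80)
LAN_TO_WAN = Packet("br0", "eth1", "192.168.1.10", "203.0.113.5", "tcp", 40000, 80)
```

With only the DHCP rule, other bridged traffic is still dropped (point 1); with the Any_Br_Internal rule, traffic across the bridge passes while the same client's WAN-bound packet does not.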