BGW-320 devices with static IPs
So due to issues I'm having with port forwarding to my Plex Media Server when using IP Passthrough I've decided to try assigning the container running PMS an AT&T provided static IP. Here is my configuration:
<<INTERNET>> ------ <<BGW-320>> ------ <<OPNsense firewall>>----<<cisco managed switch>>----<<LAN DEVICES>>
with the IP Passthrough OPNSense gets the first routable public IP of my /29 (that normally would be attached to the BGW-320). My question is if I wanted my Synology (which runs my docker containers) to have the next static IP I was planning on assigned the IP to one of the spare network adapters on the unit and connecting that to my cisco switch (setting this up so that the traffic goes through the OPNsense. But I'm thinking that I may need to connect this directly to the 320?
Can I just connect this to the switch and in the Synology just configure the gateway to be my AT&T gateway IP instead of the OPNsense box (which is what everything on my LAN uses)?
My concern with a direct run to the 320 is that this port would then not have any firewall protection on it. If I do add a second static IP device can I still run the 320 in IP passthrough or need to make any changes to it?