Here is the setup:

The ISP core is CISCO

Fiber Point NID with a single connection from the Internet. 2 public
networks, WAN,DMZ, and one private.

Private network is 10.0.0.0 255.0.0.0
8 VLANS consisting of 10.x.0.0 255.255.000
All VLANs routing is fine

Presently running a Firebox 1000 w/ Watchgaurd.
3 interfaces bound
1 - eth0 - WAN IP - aa.bbb.76.130 255.255.255.128
2 - eth1 - Private - 10.101.255.254 255.255.0.0
3 - eth2 - DMZ - aa.bbb.78.225 255.255.255.240

Routing table:

Destination Gateway Genmask Flags MSS Window irtt Iface
aa.bbb.78.224 0.0.0.0 255.255.255.240 U 0 0 0 eth2
aa.bbb.76.128 0.0.0.0 255.255.255.128 U 0 0 0 eth0
10.101.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
10.0.0.0 10.101.255.1 255.0.0.0 UG 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 aa.bbb.76.129 0.0.0.0 UG 0 0 0
eth0

Everything routes correctly.

I am trying to replace with BM38sp4+.

3 interfaces bound
1- Private - 10.101.255.254 255.255.0.0
2- Public - aa.bbb.76.130 255.255.255.128
3- DMZ - aa.bbb.78.225 255.255.255.240

Routing table:

Destination Gateway Flags Metric Netif
aa.bbb.76.128 aa.bbb.76.130 PUBLIC_EII
aa.bbb.78.224 aa.bbb.78.225 DMZ_EII
10.101.0.0 aa.bbb.78.130 US 1 PRIVATE_EII
10.0.0.0 10.101.255.1 GUS 1 PRIVATE_EII
0.0.0.0 aa.bbb.78.129 GUS 1 PRIVATE_EII

All routes from PRIVATE to DMZ,PUBLIC, and INTERNET work.
All routes from DMZ to PRIVATE,PUBLIC, and INTERNET work.
All routes from PUBLIC to PRIVATE,DMZ and INTERNET work.

Route from the INTERNET to PUBLIC works.
Route from the INTERNET to DMZ does not work.

A bounced of the FIBER POINT NID is done when each router is replaced

IS problem on my end or the ISP?