Hi Hardeep,
Thanks for your help again but I think I've found the way to do it. You basically configure an additional interface with another of your public IP addresses (in the same range as the static IP on the PPPoE interface) but place it in a different zone (I used DMZ); remembering to disable subnet conflicts on the VRouter. You then create appropriate policies to allow traffic between the Trust and DMZ zones.
This works but there seems to be some drawbacks (at least to me);
1 - Devices in the DMZ zone can never contact the static IP address on the PPPoE interface
2 - You end up using up two of your public IPs on the PPPoE device
3 - Increased policy administration
4 - It seems like an ugly fudge
It would be much nicer if you could simply add interfaces to the same PPPoE BGroup but alas it seems that doesn't work. I was aiming to get rid of a seperate ISP supplied modem and handle it all on my SSGs but I'm not sure I will now, especially as won't be gaining an IP in the process.
Thanks for your responses though, much appreciated.
Thanks,
Zinc
EDIT - Another drawback - bandwidth throughput on the DMZ interfaces is much lower. Using speedtest.net I get 75/15 mbps (down/up) on my Untrust PPPoE interface but only 42/4.5 mbps on the DMZ ones. Back to the ISP modem I think.