Been doing some digging and trying to find if the MX firewalls support non-connected networks like the ASA/FTD devices do. Provider gear is giving us a /30 to interface with but also a /28 that im assuming they are using as a secondary IP/subnet on the same interface based on the review of the existing firewall configuration.
The ASA supports this with the following command: arp permit-nonconnected
Thanks for the link. Sounds like we should be good with the MX then since we would be using NAT xlates for that secondary subnet. As long as the MX will answer the ARP requests from the provider we should be fine.
I just didnt want to rely on the ISP to change their configuration to accommodate us. Since worst case i could look at having the remove the secondary configuration on their interface so its not seen as "connected" and instead have them actually put in a route statement to our MX for the secondary range.