We raised a support case for a similar issue on the Z3 and mx67C's a couple of weeks, if you add a Vlan rule, it stops the firewall functioning, and pretty much blocks all traffic, other then traffic over the VPN's.
Removing the VLAN firewall entries, and replacing it the IP based rules, allows it all to function properly.
Support was meant to be doing some further testing on this, but haven't had an update to the ticket yet.
My personal advice for the moment, is don't use the VLAN firewall rule options as it doesn't functioning correctly. As ryan suggests, i would log it as a case, so it highlights the issue to the support team/developers.