Lutron Caseta and Apple home/Siri issues after installation of Sophos home

Question

Hello, 
 I recently configured a Sophos XG home device for use and it has been working great, except for one issue (so far): 
 Siri doesn't seem to work correctly with our at home setup. We have a Lutron Caseta smart lighting system throughout the home, that device is plugged into a switch into Port 1. Port 3 is bridged to LAN which is our Sophos AP 55c. I do have 'Enable routing on this bridge pair' enabled. 
 My Wireless devices Apple Home Pod/iPhones/Apple Watch/MacBook/etc. are having difficulty communicating with the Lutron Caseta. Normally. I should be able to say "Hey Siri, turn on the kitchen lights" and it's done pretty instantly. However, intermittently, this works and doesn't work since I got the Sophos XG configured. Meaning, Siri responds "cannot communicate with devices" 
 I am able to access the Lutron Caseta at all times (even when Siri is not working) with the Lutron app. When I check the Apple home app (which I should be able to control all the lights with on my phone) during Siri not working, the buttons all say "Updating" and I cannot access the light switches. 
 That being said, I have a LAN > LAN rule configured with Any / Any using any services. Would it be wiser to configure a Lan > Lan Port 1 / Port 3? 
 Additionally, I did a packet capture & checked the firewall logs between the Lutron device and my iPhone using Siri and saw the following 
 
 I did some research and am aware that Invalid_traffic with no header seems to be dropped and this is normal for logging, however, when i've taken packet captures and Siri is working, I don't see any invalid_packet drops. 
 What other troubleshooting can I do? Does anyone else have issues with at home apple devices? Is there something additional I need to configure? Any assistance is greatly appreciated, the Sophos community is great and I thank you for any help. 
 
 Some additional information: 
 Firmware version: SFOS 17.1.2 MR-2 
 I have IPS enabled, Country blocking, and HTTP Malware scanning (not configured HTTPS, yet) but that's to WAN (Screen shot of firewall rules below) 
 Also, if you guys catch anything maybe I didn't setup (I regard myself as novice > intermediate with networking) please let me know.

AB5g · Accepted Answer

I am sorry, I don't have an exact answer for you but here are some pointers. Apple Homekit relies on Bonjour for device discovery. Bonjour in turn replies on relies on mDNS which is a multicast service. Typically, if you have a bridge interface, multicast packets should flow without interruption. I would suggest the following approach 
 
 Use a bonjour browser to see if device discovery is working 
 Reboot the firewall after you disable the routing on this bridge pair. Reboot the devices too. 
 Try using an external switch for bridging (if you have one) instead of the firewall ports. 
 Add a LAN to LAN firewall route enable everything. Place on top. 
 
 Under Routing>> Static routing >> Enable Multicast forwarding (you wouldn't need this in a bridge but well let's give it a try). I have a Synology NAS sitting on a different VLAN and I use this along with a static route to enable DLNA discovery across VLAN's. I know its not applicable for your scenario but try enabling the Multicast forwarding without a route and see if this works. 
 This is my NAS (11.11 on VLAN 11) broadcasting DLNA to my main subnet.