Hi, I'm not sure how the Aruba 5412R zl2 kicks into your WAN scenario (the Aruba 5412R zl2 is behind your Firewalls...so behind the NAT that is separating your LAN side from your WAN side)...for sure if your Firewall's HA (Heartbeat) link admits to pass through a switch - without mandatorily being a direct point-to-point connection between your two Firewalls - then the Aruba 5412R zl2 switch can help in that regard (as it happens with many other managed switches): just use two ports both untagged member of a dedicated VLAN without any associated IP Address (so no routing for that VLAN if routing is enabled on your Switch/Firewall)...doing so those two ports are definitely isolated from the rest of your internal network (a VLAN is a broadcast domain) and they can be used by your Firewalls as those two ports belong to another logically separated switch. Probably having the HA link passing through a Switch is not a good idea at all...AFAIK HA (Heartbeat) link(s) should always be direct copper/fiber optic link(s) between appliances forming a Cluster.
I'm not an HPE Employee
@Chuckak wrote: How do I assign the single IP X.X.X.X /30 address and its gateway to that port?
You can't. Aruba 5400R zl2 doesn't let you to set a particular port in "routing mode"...at best you can configure a VLAN, assign it a dedicated IP Addressing (that VLAN will start to partecipate to IP Routing) and then use that VLAN IP Address to route traffic through the last resort route or through a static route to preferred directly connected gateway interface...letting a port to be a untagged member of that VLAN (or letting a port to be tagged member of that VLAN, if Firewall side you're tagging the LAN port used for downlink to the Switch).
I'm not an HPE Employee