I've got 2 XTM25's with a CIDR block DMZ'd between them, and am running 2 S2's behind then in the LAN. Nothing special should be required to get them running, unless you're running some type of web filtering for users on the XTM25. In that case you policy order becomes critical, as the miners-bypass-filter allow rules would need to be at the top of the rule list (e.g. evaluated first) to ensure they could get their requests out to the web.

On some of the WatchGuard routers there is a policy analysis tool that will tell you what rule can/will block traffic to/from internal and external targets.

Also be sure that the DNS servers used by the miners aren't being filtered/restricted in case the pool isn't in the allowed sites list.