The ER-POE has L2 capability for eth2, eth3, eth4. You wouldn't want to bridge these and instead would want to create a switch with these.
You only listed three devices, but if you truly need four ports on the same subnet then you could use a bridge, but beware that bridging disables hardware offloading with the associated performance hit.
Otherwise, yes, you would simply use the swtich or bridge interface in your firewall configuration instead of the physical interface.
