Awesome! Thanks for the reply.

I tried to assign Ge1 to 'separate network' but it complained that it was the pivot port for Lan Switch 1. Can I just delete Lan Switch 1 all together and then use Ge1?

I've never tried to do that and don't know if it's possible.
Even so, if you've assigned the other ports to "Separate Network" then there is no actual reason you need to delete it.

Thanks Tom

When you say "Quantum Spark appliances will need at least 1 Internet connection configured for it to be defined as an "External" interface to reach outside", isn't that done typically done via the topology config in the policy on the object?

Note that I have not gotten to the policy stage yet on the Quantum Sparks. I'm speaking to your response based on what I do in Smartconsole when I create/add a firewall object and change one interface in the topo to be external (Internet). Is it different on a locally managed Spark?

Yes, for centrally managed Spark, if a internet connection is configured on the Spark device, than it should automatically be assigned as a External zone when fetching the topology in Smart Console.

The different part from Main Train is that the default gateway can only be configured in the Internet Connection and not the routing table.

I mentioned this because there "is" a way to configure default route in the routing table without configuring a internet connection on Spark, but I reckon that won't be officially supported in terms of topology and inspection. (Configuring Spark LAN interface as external interface).
You might want to consult with TAC about this if this is what you're trying to achieve.