If you add an IP address to a bridged interface, you can access it just fine. But traffic will no longer look like it comes from/to that interface; the bridge interface will be used instead. Why is it allowed? I don’t know, probably because it doesn’t really break anything, even though it might be a little confusing.
Your main problem seems to be that you can’t touch ESXi settings. Otherwise, the suggested solution with different VLANs for each ISP would be a simple and clean one.
Anyway, what exactly are you trying to do with the firewall? Why NAT, when the point of this exercise was to get public addresses to servers (or at least it gave that impression to me)? Where does the LAN come from, is that some additional private network? If so, how and where is it connected?