It appears that if port 1 is put in 'bridge mode', devices using port 1 acquire (or try to) a second IP on the WAN.
Can you purchase a second IP on the WAN for this (dynamic or static)?
Typically most connections have allowed two dynamic IPs in the past. If you have a device that has tried to grab too many IPs though, that would be where you'd run into trouble.
Is the BitDefender box physically connected correctly? If you have the cable in the wrong port on the box, it will be allowing devices to directly connect out to the internet, or at least be trying.
What I would have done is simply put a gigabit switch on the ONT with the T3200M on one port, default settings, no messing with DMZ or bridge mode. Then put the BitDefender box on another port on the switch and skip most of the garbage involved in their setup procedure. I stopped using BitDefender a long time ago after experiencing way too many problems with their software.
The ONT going into FAIL may be related or may be totally unrelated. I don't know. Telus' techs would know way more since they work for Telus and have access to the tools and hardware. There is also the possibility the BitDefender box is malfunctioning as well and is causing issues.