Did you get this working? Definitely check the application guide linked by v-markb.
If you merely need the 3305 to route all traffic between the /30 and your /28 network, without security policy, then you can setup the firewall so that both interfaces are in the same security zone (policy-class), say, Private. Add a rule/policy to allow all traffic from Private to Private.
If you need security so that the 3305 will act as a firewall, then I think your best bet is to setup the firewall so one interface is in a Private security zone and the other in Public, or similar. Make a new policy/rule to allow all traffic from the Private to the Public zone. Add policies from Public to Private as needed.
Does this fit your project? Let us know how it goes or if you'd like to see a configuration example.
I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post to unmark it and select another in its place with the applicable buttons. If you have any additional information on this that others may benefit from, please come back to this post to provide an update. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.