You can add a loopback NAT to your Cisco router, so that when going to the public address, it never gets to the ZTE:
iptables -t nat -A PREROUTING -i br0 -s 192.168.2.0/24 -d <static ip> -p tcp --dport 80 -j DNAT --to-destination 192.168.2.x
This is prerouting, so the first step. It says, if the source is from the internal network going to the static IP of your server on port 80, then make the destination IP the internal IP of the server.
As this is prerouting, routing happens next - it will see the destination IP is the internal network, and route the packet back out of br0.
An alternative approach would be to install a DNS server internally. You could then have a DNS name for your server that resolves to the public address when external, but resolves to the internal address when internal. Then you wouldn't need any NAT.
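As an added example (not part of the original answer), this script validates its inputs and prints, without applying, the DNAT rule above plus a companion POSTROUTING MASQUERADE rule. The companion rule is an assumption added here: when client and server share the same subnet, the server otherwise replies directly to the client, which discards the reply because it does not come from the public address. The addresses 203.0.113.10 and 192.168.2.50 are constructed placeholders for <static ip> and 192.168.2.x.

```shell
#!/bin/sh
# Added example: prints (does not apply) hairpin NAT rules so they can be reviewed.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in ""|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# is_cidr NET: succeed only for IPv4/prefix with prefix in 0..32.
is_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    prefix=${1#*/}
    case "$prefix" in ""|*[!0-9]*) return 1 ;; esac
    [ "${#prefix}" -le 2 ] && [ "$prefix" -le 32 ] && is_ipv4 "${1%%/*}"
}

# hairpin_rules LAN_IF LAN_NET PUBLIC_IP SERVER_IP PORT
# Rejects anything that is not a plain interface name, address or port, so
# unexpected characters never end up inside a generated command line.
hairpin_rules() {
    lan_if=$1 lan_net=$2 public_ip=$3 server_ip=$4 port=$5
    case "$lan_if" in ""|*[!A-Za-z0-9._-]*)
        echo "bad interface name" >&2; return 1 ;; esac
    is_cidr "$lan_net"   || { echo "bad LAN network" >&2; return 1; }
    is_ipv4 "$public_ip" || { echo "bad public IP" >&2; return 1; }
    is_ipv4 "$server_ip" || { echo "bad server IP" >&2; return 1; }
    case "$port" in ""|*[!0-9]*) echo "bad port" >&2; return 1 ;; esac
    [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "port out of range" >&2; return 1; }

    # Rule from the answer: LAN clients hitting the public IP are redirected.
    echo "iptables -t nat -A PREROUTING -i $lan_if -s $lan_net -d $public_ip -p tcp --dport $port -j DNAT --to-destination $server_ip"
    # Assumed companion rule: rewrite the source so replies return via the router.
    echo "iptables -t nat -A POSTROUTING -o $lan_if -s $lan_net -d $server_ip -p tcp --dport $port -j MASQUERADE"
}

# Constructed sample values; review the printed rules before running them.
hairpin_rules br0 192.168.2.0/24 203.0.113.10 192.168.2.50 80
```

With the MASQUERADE rule in place, the server's access log shows the router's LAN address instead of the real client for these hairpinned connections.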