External domain points to Firewall/Fixed IP: Access only for LAN and SSL VPN

Question

Dear Community, 
 
 I am running an XG Firewall with some ports open, which can be accessed from WAN via a custom domain (Fixed external IP). In particular, I have set up a subdomain fs.xxx.com, which points to my fixed ip. I normally type the subdomain and a custom port, which is then redirected by the FW to my internal Synology NAS and the appropriate port. 
 Works fine so far. Now I would like to restrict the access to this subdomain/network resource only to internal LAN users and SSL VPN users. 
 
 How do I do that? I tried via Allowed Client Networks, but without success. Please take a look on my configuration:

lferrara · Answer

Use this kb: 
 https://community.sophos.com/kb/en-us/122976 
 You cannot restrict access based on FQDN. Put as source zone SSL and Lan only and check only rewrite source address. 
 It should work!

Aditya Patel · Answer

Hi , 
 Is your Subdomain operating on a different port. You may also opt for WAF configuration to control the content accessible from WAN even though its a same host address