If you don’t really know the system you maintain, you cannot really configure it.
And, as stated above, it is necessary (use the German mathematical term ‘notwendig’) to have dedicated access to the firewall. It isn’t sufficient to do this only from a client in the LAN.