Firewall blocking port 5000 when rules are allow Any any?

Hi all, I purchased a RED 15 for home to perform offsite backups of our work data on to a Synology DS1819.

All is working well.. sync over port 22 is fine, I can access CIFs from either side of the network. For all intended purposes the job is done.

The problem i have is that from the office, i can't control the web portal of the NAS box.

When you hit the page http://10.200.160.6 that tries to forward you to http://10.200.160.6:5000  

log viewer shows.

setup

[Synology DS1819+]  >  [XG210]            >  [RED15]            > [Synology DS1819+]

10.200.150.18                10.200.150.1        10.200.160.2        10.200.160.6

Used this doc to set this up.

https://community.sophos.com/kb/en-us/126454

Red operation mode in standard / unified.

DHCP from the XG.

I added a firewall rule to allow RED ANY ANY > LAN ANY ANY

Also modified existing rule to allow LAN ANY ANY > RED ANY ANY.

These work fine, i can access anything on the network from a laptop plugged into the RED device. and from the office I can access the CIF share, ping the NAS, and SSH to it.

Do we know what could be happening when trying to access the web management tool?

i'm guessing a routing issue? it can't find where the request came from?

last note:

I'm doing all my testing from home and RDP'd into my office PC over a VPN connected PC (software -not using the RED).

When I first setup the NAS at home, I had to access the NAS web portal from my work PC to ensure sync was setup, after about 20 minutes of operating, NAS web access just stopped.. 

its like something on the firewall has taken a dis-liking to it.

the web portal service isn't the problem as i have plugged a second laptop into the RED box (so on the same lan as the NAS) and the laptop can see the NAS pages just fine.

Thanks in advance

Dave