Restricting traffic between site-to-site VPN

I have set up a VPN between us and a client, and have created an interface and subnet specifically for this, with our main office network being on a different interface and subnet (Local).

1. Local net 192.168.0.x

2. Separate Network for devices to talk to client 192.168.30.x

3. Client network via VPN 10.x.x.x

This is working OK, but I have just realised I can access an HTTP address of a machine on the client's network (3) from our Local (1) network, when I assumed it would be blocked, as the VPN-created auto rules are to allow any traffic between (2) and (3).

I have even created a drop-all rule from (1) to (3) in the firewall rules, but it is still accessible via HTTP, but not ping?

Bit concerned that I may be opening up our main network to traffic from the client.