Hello Ertan
Maybe it would be a lot easier if you move the firewall away to another VM.
I love NethServer and use it to manage about 20-30 clients. The NethServer is AD, and provides files, mail, Nextcloud, Zabbix monitoring and other services. All Clients use Proxmox as Hypervisor, I’d suggest taking a look at it.
Proxmox gives me:
- Live Backups of any OS
- Live Migration
- Full HA Cluster
- All Administration via Web, all Cluster members are equal!
And a lot more! I used VMWare from 1997 to about 2014/15, then started moving to Proxmox.
Proxmox is rock stable. With Proxmox backups / snapshots & NethServers own Backups, I’m almost high available, without really being HA…
BUT:
I DO prefer having my firewall separated from my NethServer, as that gives me less headaches with Routing and Firewalling, especially considering that the NethServer AD is another layer of virtualization inside of NethServer.
I use OPNsense, the fork of PFsense, itself a fork of Monowall. Monowall’s creator suggests using OPNsense, NOT PFsense! After forking their own product, they made a big fuss when someone forked their code! Not very open source mentality!
OPNsense is free as NethServer, you can download it and install it within 20 minutes on any Hardware, including virtual. It can easily do IPsec, OpenVPN AND even Wireshark.
All Options valid for PFsense are there in OPNsense too, I needed that for a client in Germany, with T-Online (Telekom) as their Provider and SIP Provider…
That Option is available in OPNsense under advanced in the GUI.
PS: OPNsense has WOL available in GUI, you just need to give users login and WOL-GUI permissions… 
My 2 cents
Andy