As far as I understand it, you have to have a firewall-VM or right in front of each VM for it to work.
For example: sys-net ← sys-firewall ← sys-vpn ← work
If you apply firewall settings in the work VM it won’t work because the firewall will only see VPN traffic coming through.