To be fair - I suspect it reflects how most people manage their devices.
Personally I tend to use management VLANs to restrict local lan device access to the web ui on remotely deployed devices (so when I’m onsite only I can access the webui with a device in the right VLAN), then manage the entire estate using IC2 / remotte web admin. That approach (combined with IC2 managing the admin username and password centrally - and using long passwords) works perfectly for me and I suspect most others.
I had to run up test devices in my lab here to check what you wanted to achieve as I have never configured remote access (and locked it down locally) in exactly that way before using Peplink devices - which considering how long I’ve been doing this and the number of customer deployments I’ve been involved with in itself says something. Perhaps this is a reflection of differing approaches to remote web ui access between vendors.
However I agree that with a traditional NOC approach and using traditional management tools, the capability to do what you want here (locally secured webui access available over vpn) is important.
I’m sure Peplink engineering will consider improvements that could be made to enable that approach.