Unable to block/permit traffic with Peplink's WAN interface as source or destination

We have several Peplink Devices that are directly connected to backbone (they are not behind firewall). We have remote access enabled for them and we would like to block all traffic that has WAN’s IP Address as a destination except for the HTTPS web admin access and the L2TP ports. However, we have checked with support and the Peplink devices do not support firewall rules to handle traffic that has WAN’s IP address as source or destination. The firewall rules config section only works for traffic passing through the device being originated by a device on LAN.
Since Peplink’s devices has stateful firewall features it is quite common for a firewall to be able to block/permit ports on its own WAN interfaces.