Synology NAS with Tailscale

Started by virtualdimension, January 12, 2025, 03:08:46 AM

I have an OPNsense DEC850 configured like this:

- On port 1 (WAN1), TIM Business modem (192.168.9.1)
- On port 2 (WAN2), Vodafone Business modem (192.168.10.1)
- On port x0 (LAN), a Ubiquiti UDM-PRO is connected

The Ubiquiti UDM-PRO has the IP 192.168.1.1.
The DEC850 has the IP 192.168.3.1.

The DEC850 is configured to handle the two WAN connections in load balancing.
In both modems I created a DMZ for the IP address that is assigned to the DEC850. The modems are only used to provide the internet connection to the firewall.
Then, through the x0 port of the firewall, I connected it to the WAN port of the Ubiquiti UDM-PRO (with static IP 192.168.3.20).
All the various network devices (access points, computers, NAS, smartphones, printers, etc. etc.) are connected to the UDM-PRO.

I have read and followed various guides I found online, but I have not been able to solve the problem.
I need your help to configure rules to access a Synology NAS through Tailscale from mobile apps (Synology Drive, Synology Photos, Synology Note, etc.) with a direct connection. Now it always works only through DERP.

Given that both modems have a DMZ for the IP assigned to both WANs of the firewall and therefore there are no blocks, how can I now allow the Synology-Tailscale NAS, with IP address 192.168.1.50 (and connected to the UDM-PRO), to be reachable from my external devices (such as iOS and Android with the Tailscale client) directly and not through DERP? What additional configurations do I need to do?