Your input firewall rules permit traffic destined to the ZS server itself. INPUT rules #3 and #4 are needless as packets will always be matched by rule #1. In FORWARD chain rules #3-6 are needless as you are describing traffic sourcing from or destined to ZS, which is taken care at OUTPUT and INPUT chains.
You should not have any trouble accessing 192.168.8.1 from the LAN.
From the wan side you will need to port forward from the NATed WAN interface to the internal server, if the server is located in the LAN. This can be done with Virtual Servers. Otherwise if the server is ZS itself you’ll have to enable on the firewall the specific type of traffic.