Help with rule set needed
I have an M4 mac mini that has a 10Gb ethernet connection and a 2.5Gbe ethernet dongle. The M4 mac mini is used as a headless server.
What I want to do is to use the 10Gbe to connect thru a 10Gbe switch to my main mac at 10Gbe speeds on my secure network to transfer files. I do not want the server to access any other device or internet on the secure network, only the main mac.
I also want the mac mini server to access the internet and other devices thru the 2.5Gbe dongle connected to a different less secure network.
So here is my rule set for the firewalla and questions:
1) Block all traffic to and from the Mac mini on the secure network using the fixed IP of the mac mini
2) Allow traffic to the mac mini on the secure network using the fixed IP of the mac mini to the fixed IP of the main mac
Question - since these 2 are in conflict, will the firewalla be smart enough to block all traffic except to the main mac?
3) On the less secure network, use standard rule set for the mac mini.
Then on the mac mini, I have both ethernets enabled. When I set the service priority to have the 10Gbe highest priority, I cannot access internet on the mac mini. It seems the mac is not smart enough to know if the firewalla blocks internet access on the 10Gbe, to go thru the 2.5Gbe. So when I set the 2.5Gbe as top priority, the mac mini accesses the internet. But then will file transfers go thru the 2.5Gbe network instead of the 10Gbe network? I used to do this with Thunderbolt over IP and it worked with the thunderbolt as top priority, but since 10Gbe is faster, I wanted to do it this way. I also wanted to avoid the complication of using VLANs because of the expense of buying half a dozen managed switches.