diff --git a/management/server/types/account.go b/management/server/types/account.go
index 6554acb5f..93a1b3e87 100644
--- a/management/server/types/account.go
+++ b/management/server/types/account.go
@@ -1928,7 +1928,7 @@ func (a *Account) GetPeerProxyRoutes(ctx context.Context, peer *nbpeer.Peer, pro
 	for _, proxyPerResource := range proxies {
 		for _, proxy := range proxyPerResource {
 			for _, target := range proxy.Targets {
-				if target.TargetType == reverseproxy.TargetTypeResource && !target.AccessLocal {
+				if target.TargetType == reverseproxy.TargetTypeResource {
 					resource, ok := resourcesMap[target.TargetId]
 					if !ok {
 						log.WithContext(ctx).Warnf("proxy target %s not found in resources map", target.TargetId)
diff --git a/management/server/types/proxy_firewall_rules_test.go b/management/server/types/proxy_firewall_rules_test.go
index e09f761cc..5bec34525 100644
--- a/management/server/types/proxy_firewall_rules_test.go
+++ b/management/server/types/proxy_firewall_rules_test.go
@@ -372,9 +372,12 @@ func TestGetPeerProxyRoutes_ResourceWithAccessLocal(t *testing.T) {
 
 	routes, routeFwRules, aclPeers := account.GetPeerProxyRoutes(context.Background(), account.Peers["proxy-peer"], exposedServices, resourcesMap, routers, proxyPeers)
 
-	assert.Empty(t, routes, "should NOT generate routes for AccessLocal resource")
-	assert.Empty(t, routeFwRules, "should NOT generate route firewall rules for AccessLocal resource")
-	assert.Empty(t, aclPeers, "should NOT include router peer from route path for AccessLocal resource")
+	require.NotEmpty(t, routes, "should generate routes for AccessLocal resource")
+	require.NotEmpty(t, routeFwRules, "should generate route firewall rules for AccessLocal resource")
+	require.NotEmpty(t, aclPeers, "should include router peer in ACL for AccessLocal resource")
+
+	assert.Equal(t, uint16(443), routeFwRules[0].PortRange.Start)
+	assert.Equal(t, "192.168.1.100/32", routeFwRules[0].Destination)
 }
 
 func TestGetPeerProxyRoutes_PeerTargetSkipped(t *testing.T) {