VPN and VLANs approach

Hello everyone, I am seeking some assistance.

I have an M4300 52-port managed switch, on which I have configured two VLANs: VLAN 1 and VLAN 5. Additionally, I have set up an ACL to prevent undesired communication between these VLANs using Advanced - IP Extended Rules. In this ACL, I have included specific rules that allow the Internet gateway IP for each VLAN, incorporating both IP and host-based rules. Both VLANs have DHCP address allocated from the switch.

Above the switch is a Checkpoint firewall that can grant VPN remote access on a specific IP subnet, in this instance 172.16.10.0/24. I aim to permit VPN users to access VLAN 1 but not VLAN 5. Now, my question is, do I need to create a VLAN on the switch to accommodate the 172.16.10.0/24 subnet and then create IP ACL rules to permit or deny access?

Am I approaching this the right way, is there a better method to achieve my goal?