Personally I don't run the NTP service on the router but on both my NAS (which sync to Internet NTP). I then direct SRM to use the backup NAS as its NTP server. If the Internet goes down and I need to reboot the router (which is more often the case when trying to troubleshoot or refresh after an outage) it will have a NTP service available. If I recall right, using 2-step verification can be time dependant and my SRM admin uses 2-step.
Your firewall rule is set to allow any device, LAN or Internet, to access your router for NTP, so I'd delete it. Likewise the disabled rule below it ... I would restrict web access to the SRM to local devices only. You can run VPN Plus and allow users to first authenticate using that and then they can using the SRM LAN IP to access the web portal.