Unable to access local server using FQDN... but can access from internet

Solution 1:

If I am ON my home network (the same network as the server), and I try to navigate to server.mydomain.tld, I either get: a) The firewall login page, or b) A browser error about a self-signed certificate (which looks to be provided by the firewall) which I can bypass and then... get to the firewall login page.

The usual problem with NAT-based "port forwarding" is that it does not apply from the inside.

Attempting to use it when both the client and the server are in the same subnet would simply not work – the client's requests would go through the router normally, but the server's responses would not, meaning the router wouldn't be able to un-NAT them. So your router simply doesn't bother trying.

Some routers have a workaround for this, labelled "NAT hairpinning" or "NAT loopback". This additionally rewrites the client IP address, making it look to the server as if all LAN connections are coming from the router itself.

In general, though, a better workaround would be to use local DNS to override your FQDN so that while you're in the LAN, it directly resolves to the server's internal IP address instead of the external one.

Possibly an even better workaround would be to place the server in its own IP subnet, separate from all clients. It doesn't have to be physically segmented – it would work even if both subnets were sharing the same ethernet. Because cross-subnet traffic does go through the router, it would technically allow port-forwarding to work without problems. (That is, assuming the router's firmware lets you do that.)
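The packet flow behind the answer above, as an added example that is not part of the original answer: it follows one forwarded connection and its reply for the same-subnet case, the NAT loopback case, and the separate-subnet case. All addresses are constructed, and the /24 prefix and the router sitting at `.1` on the server's subnet are assumptions.

```python
import ipaddress

WAN_IP = "203.0.113.10"   # constructed public address the FQDN resolves to


def trace(client, server, hairpin=False, prefix=24):
    """Follow one connection to WAN_IP through the port forward.

    Returns (source address the client sees on the reply,
             whether the client accepts that reply).
    """
    server_net = ipaddress.ip_network(f"{server}/{prefix}", strict=False)
    router = str(server_net.network_address + 1)  # assumption: router is .1

    # Request: client -> WAN_IP. The port forward rewrites the destination (DNAT).
    src, dst = client, server
    if hairpin:
        src = router  # NAT loopback additionally rewrites the source

    # Reply: the server answers whatever source it saw. If that address is on
    # its own link, the frame is delivered directly and never reaches the router.
    reply_src, reply_dst = dst, src
    on_link = ipaddress.ip_address(reply_dst) in server_net
    through_router = reply_dst == router or not on_link

    if through_router:
        reply_src = WAN_IP  # router matches its NAT entry and un-NATs the reply

    # The client connected to WAN_IP; a reply from any other source address
    # matches no open connection and is discarded.
    return reply_src, reply_src == WAN_IP


if __name__ == "__main__":
    cases = {
        "same subnet, plain port forward": ("192.168.1.20", "192.168.1.50", False),
        "same subnet, NAT loopback": ("192.168.1.20", "192.168.1.50", True),
        "server in its own subnet": ("192.168.1.20", "192.168.2.50", False),
        "client on the internet": ("198.51.100.7", "192.168.1.50", False),
    }
    for name, (client, server, hairpin) in cases.items():
        seen, ok = trace(client, server, hairpin)
        print(f"{name:34} reply from {seen:15} accepted={ok}")
```

Only the first case fails: the reply arrives from the server's internal address instead of the address the client connected to. With the local DNS override the client never sends to the public address at all, so no NAT is involved.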