Service gateway - how to deal with routing of the instance (not the VCN route table)?

Hi folks,

I am trying out the service gateway, since I see it as private access for a few Oracle services (that are otherwise accessed publicly), namely Object Storage, Vault, Email Delivery and the like.

Below is my VCN route table:

RT-Public (used for public subnets):

RT-Private (used for private subnets):

The mentioned instance is a firewall which I used for further control and inspection between the Internet, my OCI network, and my SOHO LAN. One VNIC received DHCP (and gateway) from the public subnet, and another VNIC is statically configured (as per Oracle's docs regarding the second VNIC).

What should I configure for routing on this instance so that from my SOHO, I can access the Region's services via the new Service Gateway that I just set up?