Connect a web-based admin interface between two different internal networks in RHEL 7.2
The server acts as an SFTP server only, on an external network which is isolated from the domain.
I can manage the software 'wingftp server' via the console, but it is easier to manage this SFTP server via the web-based admin interface, which cannot be done on the server itself (minimal installation).
To do this I need to use the server's IP with a specific port number, which I can open in firewalld, and everything works fine. Except I won't open this port on the external firewall, so I can't use this method when in production.
So my ideal/secure situation would be to connect a computer to the second network card on the server, so that it has a direct link (old cross cable situation), only when management is needed.
How can I make this work?
I tried to have the 2 interfaces in the same zone and forward the IP, and tried it with different zones. But I can't successfully connect to the web-based admin interface.
Which setup would you recommend? This should be just about NATing the two networks to each other, or not? And if so, what is best practice for this?
Or should I enable the service to listen on both IP addresses?
Any help would be appreciated, I am getting a bit lost now with firewalld.
I can always just put a switch in between and get another IP on this VLAN, and since it is only an internal segment it should work fine, but they feel it is not secure enough. They only want one IP on this network segment if possible.
Responses