Currently, unless some kind of 'Guest policy' maybe on AP's (if there) you shoud be able to access all the VLAN's, from the 172.16.50.0/27 network, since the firewall policy isn't correctly applied, you should use something like
configure set firewall name Guest_In rule 20 action accept set firewall name Guest_In rule 20 destination address 172.16.10.3 set firewall name Guest_In rule 20 destination port 3400 set firewall name Guest_In rule 20 protocol tcp_udp set firewall name WAN3_IN default-action drop set firewall name WAN3_IN rule 10 action accept set firewall name WAN3_IN rule 10 state established enable set firewall name WAN3_IN rule 10 state related enable set firewall name WAN3_LOCAL default-action drop set firewall name WAN3_LOCAL rule 10 action accept set firewall name WAN3_LOCAL rule 10 state established enable set firewall name WAN3_LOCAL rule 10 state related enable set interfaces ethernet eth0 firewall in name WAN3_IN set interfaces ethernet eth0 firewall local name WAN3_LOCAL set interfaces ethernet eth3 vif 50 firewall in name Guest_In set interfaces ethernet eth3 vif 50 firewall local name Guest_Local commit
You want access that host using its private ip address (172.16.10.3), or using your FQDN/public ip address, from the guest network ? In the second case, a DNAT rule is needed.