[USG Flex H] - Wireguard/Tailscale

Maverick87

Hello everyone,

Today I tried to configure the Tailscale VPN, but I have some questions about it:

  1. Why is it not possible to use Wireguard? I think that Wireguard is more reliable than Tailscale. Tailscale is a service on top of Wireguard: end of support/development means end of the Tailscale service; Wireguard, instead, is a low-level app that works directly with IP/FW rules. Tailscale is a service, Wireguard the protocol;
  2. As per #1, using Tailscale can implement less security than Wireguard. Using Tailscale sends my network packets to an external service; I don't connect directly with my FW/LAN, I pass all my packets to Tailscale, which forwards them to my LAN;
  3. To use the Tailscale direct connection, I need to open a UDP port. How is it possible to do that? I see some packets pass from my phone ISP carrier to my WAN IP on the Tailscale port. In this case I need to open the FW rule from ANY to Zywall on the UDP port; is this really the configuration? Is it really safe to allow the UDP port to ANY? Can I change the default Tailscale UDP port? I see that by default there are 2 FW rules, from Tailscale to any and from Tailscale to Zywall, but it seems that the direct connection doesn't use those rules.
  4. Is it possible to configure multiple Tailscale VPNs? It could be interesting to use one VPN for internal use only, and one for internal use + exit mode.

Thank you so much
