Can vlan1 (switch default) be considered for use with ssid without vlan tagging?

jang430

Active Member
Mar 16, 2017
Not sure if it's clear on my title. My HP switch comes default with vlan1, which has all ports untagged. I use Unifi, and in my controller, I have 3 SSIDs. SSID1 (no vlan set), SSID20 (vlan 20 for guests) and SSID30 (vlan 30 for IOT).

On my switch, as mentioned above, vlan1 has all ports untagged. vlan10 has port 1 (uplink port) as tagged, port 13 and 14 tagged (I have 2 APs with all 3 SSIDs), the rest are excluded. In vlan20, I have the same, port 1 (uplink port) as tagged, port 13 and 14 tagged, the rest, again, are excluded.

My Sophos XG Firewall has vlan 10 and 20, each with their own firewall rule. This works well in isolating access from clients on 1 ssid to the other. The firewall rule works as well, they have different access.

As for SSID1, I didn't use any vlan. In my switch, I assume it is part of the excluded, and in my firewall, I assume it will be using the default firewall rule. When in use, the rules set for vlan 10 (SSID10) and vlan 20 (SSID20) work. But for SSID1, some default firewall rules don't work as intended, whereas when connected to vlan 10 (SSID10) and vlan 20 (SSID20), they work well.

Does this have anything to do with vlan1 on my switch, SSID1 on my controller, and the default firewall rule on my firewall?

One of the things that doesn't work well: SSID10 and SSID20 can connect to VPN properly, but my SSID1 can't connect.