VLAN10 - Connection between a Wi-Fi router and a switch
VLAN20 - WiFi devices who must have access to the local network and the Internet, as well as to file storage (NAS)
VLAN30 - WiFi devices access for Internet only (Guest WiFi)
VLAN40 - Access for VLAN20 and VLAN50
VLAN50 - Access to VLAN40 and Internet
Your assumptions in the drawing are wrong.
The switch would not be able to bridge from VLAN40/50 to VLAN10. You would need to have all VLAN's on the Trunk. Or is your Managed Switch a Router/Switch?
Your wireless router/firewall would need to route between the VLAN's.
As mentioned the connection between the Router and the Switch (Trunk) would need to have all VLAN's configured it should carry (in your case VLAN 40 and 50.
And on the router you then need routing between VLAN 20 and VLAN 40/50
Do you need all those VLANs? What are you gaining from separating trusted wifi, wired, and NAS? Just because you can separate devices out doesn't mean you should...
I would start out with two networks: untrusted (guests) and trusted (trusted wifi, wired PCs, and NAS). Otherwise you're going to need to set up a bunch of routing and firewalling between the three separate but basically trusted networks that you propose as VLANs 10, 40 and 50. (Having the NAS and local users of the NAS in the same VLAN is especially recommended because then that heavy traffic can be hardware switched without imposing on the router CPU.)
Back to the original question there are two ways to set up a LAN port on the switch page:
"Access" for a regular non-VLAN-aware device like a PC: Untagged in one VLAN, off in all others.
"Trunked" to a VLAN-aware switch: Tagged in one or more VLANs, off in others. Don't try to mix tagged and untagged on the same cable-- though the standards say it should work, implementation is often lacking in consumer-grade equipment.
The trunk cable between the router's switch and the standalone switch must use the same VLAN numbers within the switches at both ends. In other words switches can't rewrite packets to change their VLAN numbers. Once numbered and tagged that network uses the same VLAN number configured in all switches.
Though if you go ahead and bring the guest VLAN over to the switch now, it is simple later to set up switch ports to connect untrusted devices like a game console or a wifi AP to extend guest wifi coverage.
You could use the existing VLAN 1 as the trusted network and not have VLAN 20.
Well I think we are now having a bit of over crossing ideas of your initial (to complex) solution and an easy straight forward approach.
So not sure how you want us to proceed in giving you ideas for your configuration.
As all devices on your switch are in the trusted LAN you could basically do the LAN1 port VLAN1 as untagged and then you don't need to do anything on your switch. Alternatively you can keep config as above and then on your managed switch would need to tag VLAN1 for any device you want in your trusted zone.