Hopefully I'm doing something wrong but I can't get the firewall to allow access to the WebUI on the WAN Port. I have a firewall rule to allow tcp from anywhere to port 443 on the WAN address and I have specifically checked the box for "Disable administration anti-lockout rule". The WAN has an address of 10.0.0.3 and a gateway of 10.0.0.2 and I'm attempting to connect from 10.0.0.1. The weird IPs are just how VMWare Fusion does NAT. I'm attaching a screenshot of both my rules and the firewall log. I thought I had previously had this working but I hadn't checked the lockout option to make sure it was using my rule.
filterlog: 3,,,0,em0,match,block,in,4,0x0,,64,0,0,DF,6,tcp,64,10.0.0.1,10.0.0.3,58744,443,0,A,,1185956762,2048,,nop;nop;TS;nop;nop;sack
(https://i.ibb.co/smy8ZB7/Screen-Shot-2020-04-19-at-11-34-19-AM.png)
(https://i.ibb.co/9T88twr/Screen-Shot-2020-04-19-at-11-36-34-AM.png)
It turns out that the issue was "IPv4 Upstream Gateway" was not set to "Auto-detect" on the WAN Interface. Not really sure why that breaks the firewall though.