1) Put the Logout button in the top static area, not in the Lobby
2) Make some/all the auto-gen rules supersede state table. As example, if I click "block rfc1918" on WAN iface setting, then a outbound SYN for a rfc1918 will have the SYN-ACK blocked on return because src IP will be rfc1918 WAN inbound, (block any protocol, etc). This is basic IP spoofing stuff. Technically, that setting should create two block rules, one src block WAN-in, and another dst block WAN-out.
3) The gui menu on left side, make each section expandable/collapsible (and stick open), this way we can switch between different sections more quickly.
and 4) The small System Status icon next to hostname in upper area of gui, put it to more good use. Make script or the like (aka "feature") to pull CVE info from NVD related to installed versions freeBSD and OPNsense, and monitor NIST NVD (eg; https://services.nvd.nist.gov/rest/json/cves/2.0?cpeName=cpe:2.3:a:opnsense:opnsense:25.7:*:*:*:*:*:*:*) and when something matches the versions you blink the status icon, giving users a heads-up. This helps the community be a tad more proactive with the knowledge (workarounds, mitigating control, nothing to do if CVE is a specific feature and you don't use that feature, etc). Maybe even create an "email me" option for such feature, like "email me a notice every X hours when there's a known CVE", etc.