I am using OPNsense 25.7.4. I have two interfaces, WAN and LAN, with no VLANs or other bridged. I have Plex installed on a media server.
To get Plex working I performed the following steps:
1. Access System : Settings : Administration
1.1. Web GUI : Protocol: HTTPS
1.2. Web GUI : TCP port: 8443
1.3. Web GUI : HTTP Redirect: checked
2. Access Firewall : Categories and click Add
2.1. Colour: yellow
2.2. Name: media
3. Access Firewall : Aliases and click Add
3.1. Enabled: checked
3.2. Name: server_media
3.3. Type: Host(s)
3.4. Category: media
3.5. Content: ip address of media server
3.6. Description: Media server
4. Access Firewall : NAT : Port Forward and click Add
4.1. Interface: WAN
4.2. TCP/IP Version: IPv4
4.3. Protocol: TCP
4.4. Destination: WAN address
4.5. Destination Port Range From: 32400
4.6. Destination Port Range To: 32400
4.7. Redirect Target IP: server_media (alias)
4.8. Redirect Target Port: 32400
4.9. Category: media
4.10. Description: plex
4.11. NAT Reflection: Enable
4.12. Filter Rule Association: Add associated filter rule
5. Access Firewall : Rules : WAN and check the associated plex rule has been created
6. Launch Plex and view your settings using your admin account then access Server : Settings : Remote Access to view the status
This was all that was needed to provision external access.