There are all sorts of reasons to why you'd want to do that, be it on the WAN or the LAN. Waking up other things is easily configured through the GUI, but WOL the sensebox itself (or disabling that) doesn't seem to be.
Naturally, you need to first enable "Wake on PCIE cards" in the MoBo firmware, possibly even disable "Deep S5", unless it has an "auto" setting that disables it if the PCIe wake is enabled. Some MoBos hide that behind a setting called "ERP" or "EUP" and provide no "auto" setting, so "disable" is the only way to make it work. Naturally, this will consume more power in the "off" state, but there is no better way to do it. You should disable all other wake-up events that you're not using, but whether or not that actually saves any power will depend entirely on your hard- and firmware.
Anyway: ifconfig will probably return the seemingly proper "options=2008<VLAN_MTU,WOL_MAGIC>" out of the box, but what is missing is to set two tunables, namely hw.re.s5wol and hw.re.s0_magic_packet, to actually make it work. Nothing will change in the ifconfig output after setting these and rebooting, but WOL should now work as expected.
Do note that this means that WOL is enabled on all interfaces, including WAN, so anyone who manages to send the magic packet to one of these will be able to power up your box. However, remotely powering up your firewall isn't going to offer any gain unless the attacker is your local electricity provider. There probably are options for the secure WOL if your NIC supports it, but magic packet works with any WOL program, including OpenBSDs "arp -W". If you're worried about IoT devices (even if not hacked yet) or your offspring abusing this to get internet access, you need stricter firewall rules. :)