Messages - smthing

#1
General Discussion / Re: Firewall - Best Practice?
April 15, 2023, 08:29:09 PM
Quote from: meyergru on April 14, 2023, 11:13:27 AM
Yes. To have the same URL from inside and out.

Good point and makes sense.

Quote from: phoenix on April 14, 2023, 11:34:35 AM
Then why don't you follow the suggestion to use a VPN? You can set up a secure connection with Wireguard and only the allowed users will be able to access the LAN interface from the internet - much more secure and works a treat, I've been using it for years without problems.

It would certainly bother me if I exposed my LAN interface to the interface via NAT, I'm sure there's plenty of hackers that would find that config a challenge. ;)

Thank you. The WEB GUI was an example and I can understand the assumption. The question is however about the practice. And as mentioned above, it's probably due to having the same URL.
#2
General Discussion / Re: Firewall - Best Practice?
April 14, 2023, 10:41:30 AM
Quote from: bartjsmit on April 14, 2023, 08:24:51 AM
Best practice is not to expose any management interfaces to the internet. Use a VPN for remote access

That's understood in general cases and pretty well known.

I'm more curious about the process of using NAT Port Forward from WAN -> LAN side of the gateway and then open the firewall for LAN access. Is there any benefit from doing this?
#3
General Discussion / Firewall - Best Practice?
April 13, 2023, 09:04:20 PM
I've seen some examples where people set up Firewall rules for the OPNsense Gateway, but don't really understand the practice.

Example: How to access the WEB Gui from the WAN port.
Almost all guides recommend a NAT Port Forward of the HTTPS port (without changing port no.) from the WAN interface to the LAN interface. And then open up the firewall from the LAN side.

Is there a reason for this? Why not open up the firewall from the WAN side and skip the NAT Port Forward?
#4
I think you should specify your question a bit. But presuming a general question "can you use OPNsense as a gateway instead of Unifi?" Sure, you wouldn't be the first to do it either. Basically all "networking" services can be done by OPNsense. It's up to you, where you want to place each service. You can leave the WiFi tasks to Ubiquiti for convenience.

I would start with what VLAN should be where and how my networking hardware would support it.