Topic: Opnsense - DMZ - Cloudflare Tunnels - issue with port 7844 (Read 598 times)
straeten
« on: June 19, 2024, 12:34:36 pm »
I moved to OPNsense last year on a Boxking N6000, 16GB, 512GB NVMe, 4x i226 NIC to set up a Multiwan (Local ISP - PPPoE on DSL and Starlink) and the box has been going strong.
I am now setting up a DMZ, behind which I will have an Ubuntu Server to host my websites (mostly family photos and family stories) managed by CyberPanel.
I followed one of the posts here to set up Cloudflare tunnels for my website, but I struggle to get the communication between the Cloudflare tunnel and the Cloudflare servers working, for which I need to open either UDP or TCP on 7844. I must have overlooked or misunderstood something in the steps for how to open the needed port between my DMZ (outbound) and the Cloudflare servers. UFW is not installed on the Ubuntu server - I am fully relying on OPNsense. OPNsense is on 192.168.1.1, the DMZ server on 192.168.2.2.
What I have done so far:
Firewall->Aliases-> Create Cloudflare_IPv4 Network with Cloudflare Servers listed (including IP addresses for Argo Tunnels + same for IPv6)
Firewall->Rules->DMZ-> Dir. Out, TCP, IPv4, Source DMZ Net, Dest. Cloudflare_IPv4, Port 7844, Default Gateway. I can telnet ports 80, 443 (also opened by a rule) but not 7844
Firewall->Rules->Lan-> Dir. Out, TCP, IPv4, Source Lan Net, Dest. Cloudflare_IPv4, Port 7844, Default Gateway.
All open ports are reachable (80, 443 and 7844)
I suppose I need to do something with Firewall -> NAT -> Outbound, but I must admit I am lost.
Any suggestion would be helpful.
Thanks
« Last Edit: June 19, 2024, 02:54:32 pm by straeten »