Dealing with high load on a single instance

[combsbj]

My question about high availability is more on the lines of making sure the management interface and traffic shaping is available on a single appliance.  If there is a more suitable area of the forum to ask, please let me know.

Situation:
I have a newly installed OPNSense appliance with an AMD Ryzen 5 8500G processor, 16gb ram, dual 2.5gb intel nic, and 256gb nvme disk. It has a WAN link of 1gbit down and 600mbit up.

It is running a very lightly used caddy reverse proxy, a wireguard vpn client, and Zenarmor. It is routing for 3 work from home users (light web browsing and steady Zoom and voip usage). One user has occasional large file downloads. I experienced yesterday that one LAN users/host which is routed through the wireguard vpn was pulling down about 700mbit/s for a very large file served by torrent protocol, so multiple sources.

Either the wireguard encrpytion, the Zenarmor inspection, or both were causing the CPU load on the router to hit 100%. This caused the Web management interface to become very unresponsive and two other LAN hosts to experience degraded service with web sites failing to load and voip to become unusable.

Questions:
1. Would a processor with more cores or a faster speed help?  What is recommended hardware specs for 10 devices with 1gbit bandwidth, using wireguard and zenarmor?
2. Is there a way to prioritize or put a resource limit on services so that one service (wireguard or zenarmor) doesn't cause the traffic shaper or web ui service to not work properly?
3. is there a way to look back at logs from yesterday to get to the bottom of whether wireguard or zenarmor was the cause of high cpu load?