HELP - MULTI WAN - evaluating right setup for DEC2752 HA

Started by intelliIT, January 08, 2025, 03:11:26 PM

tl;dr: choosing between gw-group or default-gw switching for physical HA setup

currently we are using a DEC2752 to route about 10 vlans, user and production workload. also it manages a couple of incoming wireguard road-warriors and establishes a site-to-site wireguard connection to hetzner.

i would like to extend the setup with a second DEC2752 and HA setup; CARP addresses and all the config-sync stuff.
i tested this in a virtual environment.
there is also a new (second) WAN connection planned, so i wanted to evaluate a multi-wan setup.

now i am not really sure if i want to configure a gateway-group or just want to rely on default-gw switching.
i read through this thread, but it did not really help.
i think i can live with established connections to live on the fallback-link until there will be new connections.
only thing i am not all too sure about is the initiated wireguard connection, but there probably will be a re-connection after some time.
setting up gwgroups with a lot of firewall rules seems to be a lot, but somehow "smoother".

also i configured the opnsense as a ntp server which is accessed by all my lan hosts.
i assume this needs a special rule to allow?
i also assume i need to configure special anti-lockout rules for some of the vlans?

can someone point me in the right directions, with respect to my setup?