To be frank I don't 'need' a full dmz-like setup. Here's some of the finer detail (i.e. what I need to achieve):-
The OPNsense box terminates 3x SSL tunnels using UDP ports 1194, 1195, 1196 respectively. This using 1 public IP only.
As an aside, whilst I can browse the internet from the LAN side of the OPNsense box, I cannot ping anything on the internet. Why might this be? Tracert to websites complete OK.