Hello. It can be useful, if in addition to "Allow management from WAN" will be available "Allow management from IPSEC" option.
As i can see this, typical use case - ipsec tunnel to head office via Internet. And every time router are not reachable via ipsec tunnel and allow management access from WAN is a "no-go" for security reasons.
So, every time I need to add few firewall rules, to pass HTTPS, SSH, SNMP from ipsec to router. And what worse, if I made a mistake in "-m policy --dir in --pol ipsec" in any newly created firewall rule, router stops answering on any interfaces and without console cable only default reset will help.
