I am not clear on the question but the devices accessing SMB shares should be on the same network as the TrueNAS. Block the TrueNAS management port on non secure networks.
Re the management, I see I have 80->443 redirect enabled, would that mean 80 can’t be used, is closed. or can I tell TrueNAS not to use/listen on 80 at other, other than doing it via the pfSense FW.