One lovely little gotcha for anyone with a Plex server. This applies to some other firewalls, not just pfSense.
I noticed that I couldn't connect directly to my local Plex server. It would timeout then, after a pause, connect indirectly via a relay. Viewing the server in settings showed "Indirect" against it. Bizarre.
Turns out this happens if the client from which you're accessing has its DNS server set to the pfSense box. You'll find many people saying the solution to this is to change the client's DNS settings to go straight to external DNS servers but that's circumventing the problem rather than solving it and could cause other problems.
After much digging, it turns out the actual issue is down to DNS Rebinding protection. The solution is to go to Services -> DNS Resolver, scroll down to the Custom Options and enter the following:
server:
private-domain: "plex.direct"
This will solve the problem.