After installing Zenarmor on OPNsense I saw that, due to the nature of the netmap driver, I am not able to run Suricata and Zenarmor both on the LAN interfaces. This was somewhat of a downside, as I already had some nmap rules configured and ET Telemetry in Suricata. In my scenario I have all the physical interfaces bridged. Suricata detects that bridge interface and I was able to add it. Zenarmor does not see that interface and only sees the physical ones. I added all the physical LAN interfaces in Zenarmor and the BRIDGE in Suricata.
I tested this with the OPNsense-App-detect/test rule. The rule can be tested here and obviously works for HTTP only:
The nmap rules that I have in place are also working. It is nice that, at least for my scenario and for someone who has the interfaces in a bridged configuration, it will work this way. If Suricata is only configured on the WAN interface, there is often little or no point alerting on traffic that will be dropped by the firewall anyway. I will keep testing and see how it goes, but so far so good.