You do understand that now your firewall will need human intervention on power cycle. Is your firewall not in a secure location.
What is exactly on there that might be of concern other than the CA, and private key for the web gui? Move the CA off..
This topic has been gone over a few times over the years - its just doesn't have a valid use case on a firewall..
Do any of the major players provide for FDE for their routers/firewalls? Cisco, Palo, Juniper, Fortinet?
Your still open to evil maid attack as well. So what does it buy you? Not like you can loose your firewall, forget it on the subway. someone break window on your car and take it while your parked for lunch, etc.
edit: For ref this the last time I recall this topic coming up
https://forum.netgate.com/topic/114030/installation-with-whole-disk-encryption
Use ZFS if you want to do it - just pointless IMHO and IMPO both personal and professional.