I replied to the same issue on Reddit, so I'll copy my reply here, too:
On FreeBSD, su requires that the user be a member of the wheel group. But there isn't a way to put a GUI user into the wheel group, so you have to use sudo instead.
You could work around that by manually editing the groups file in the OS or hacking on /etc/pam.d/su to use the admins group instead, but why bother? The changes would be wiped out on the next update. Use sudo instead.
Using su also requires you share the credentials of the root/admin account which goes against best security practices.
Using sudo is best in the context of a firewall. Everyone uses their own account, their own password, and can have customized permissions per user.