If you had something creating a picture with all your devices.. Say something like this..
devices.jpg
And then you had some way to input some parameters like port.. It could show you which other devices the firewall rules allow for..
But even viewing it gets tricky when you have lots of devices.. This is only showing my wireless devices, and you have to really zoom in to see anything.
And while pfsense can say hey there is a rule that allows that to these other devices in other networks.. Still doesn't know if that device even listens on that port, or that its own possible firewall allows it. And as you mention how would it know if something like private vlans or AP isolation is deployed?
Is this AI going to validate every connection is actually possible from the devices IP address you selected as your source? And for stuff on the same network as your client, pfsense isn't involved anyway..
I have worked on many a different firewalls, Palo's, ASAs, Juniper, checkpoints way back in the day.. The only thing I have seen that would come close to what your asking that isn't graphical is where you can put in some parameter(s) and it will list the rules that mention those parameters, you can do with panorama for the palos.. But not freaking cheap! ;)
But I do not see how this helps you learn to be honest.. If you want to learn.. Learn how to create the rules you want to allow or block and how to create those.. I mean how many rules could you possible have? Its not like enterprise, previous gig we had over 50 different Palo firewalls in the org, and searching for what rules might allow or block specific traffic was really a requirement.. There were 1000's and 1000's of rules across the org.. Finding out if some specific traffic was allowed or not would of been painful if there wasn't a way to easy search through them..
Biggest save in search in rules was when someone requested something to talk to something else on port X.. Was to search for if those devices are already allowed to talk to each other one some ports so you could just add the port to an existing rule, etc.