You should be able to browse to your virtual server using its LAN IP from the within the LAN. From outside the LAN you should be able to browse to your virtual server using your WAN IP provided you have setup the virtual server settings in ZS.
If you need to create a rule to direct traffic from withing the LAN you can do so in the Firewall section of the ZS GUI but this should already be working.
Also try using port :8080 with the IP number of your virtual server.
I think this would be a matter of adding a rule to the Prerouting table but I don’t think ZS provides the ability in the GUI. You could do it in shell mode.
Maybe PFsense was ending the request out to the WAN instead of routing at over the LAN and so your port forwarding on the WAN was directing you to the correct server.
You could try creating a rule in Netbalancer to send all traffic destined for your Public IP from your LAN out your Gateway. This might have the traffic return to the WAN side and be forwarded correctly.
I too have the web servers on the LAN and I simply set up DNS on ZS so when if punch in ‘www.mydomain.com’ from the LAN it resolves to 10.10.10.2, same as if I did it fro the WAN and NAT resolved to the same ID.
Sounds like you do not need NAT, and that is not really a task for NAT at all. It would be if you wanted to access port 80 and be redirected to port 8088 for example…