Sonicwall HTTPS management from LAN using WAN IP
Solution 1:
The key appears to be that HTTP/S Management needs to be explicitly whitelisted, even if you have a firewall rule that permits regular traffic. So the entries required were:
LAN > WAN
Source: Any
Destination: All X2 Management IP
Service: HTTPS Management
A second rule for HTTP Management allowed the non-secure site to redirect to the secure one.
Thanks to TessellatingHeckler for reminding me to look harder at LAN > WAN rules.