** THIS IS NOT A COMPLETELY VALID SOLUTION, PLEASE READ THE NEXT POST AS TO WHY! **
Numbering among one of the worst ideas ever...
From the management GUI, go to the Firewall/NAT tab. Under Port forwarding rules, click Add Rule. Original port is 8443, Protocol is TCP, Forward-to address is your primary router LAN IP (assumed to be 192.168.1.1, you know your network better than I do), Forward-to port is 443, Description is whatever you like.
You're not done yet. Even with Hairpin, it won't work, because it assumes you're actually forwarding, which you really aren't. All this set up was the DNAT rule.
Proceed to the Firewall Policies tab. Find your WAN_LOCAL ruleset (I don't know what you called yours, but it is the one that under Interfaces shows <your WAN interface>/local, hopefully with a Default Action of drop. To the right of that line, choose Actions/Edit Ruleset. Click Add New Rule. On the Basic tab, enter whatever you want for Description. Enable should already be checked. Action is Accept, Protocol is TCP. On the Destination tab, Port is 443. Click Save.
The administration GUI should now be exposed via TCP port 8443 to the entire Internet. May God have mercy on your soul. 
Rodney
P.S.: To anyone reading this reply in the future, for the love of God, DON'T DO THIS!