A wan policy ? Nope, but I create IOT policys that say this network can go OUT and then block subnets around it. The policy also forces the traffic through the policy so it can push content or application monitoring etc etc.

Ok, that makes me feel better. I'm doing the same thing. I have several VLANs setup on one UniFi access point that are isolated. I use Filter Policies as I don't have a managed switch so Untangle is doing everything. I have a few policies setup but they all use the default policy as it's parent. My default policy has very basic rules, blocking ads is about it. My kids policy is more restrictive. Is that a good practice?

I installed Lubuntu on a really old Dell XPS M1330 laptop acting as my "Server". It's running my Unifi Controller and it's just humming away. I'm actually pretty proud of it. It struggles running java but so far so good.

That's the general intent of Policy Manager! The alternative approach is to make your Default Policy more draconian, so that any traffic you haven't specifically moved into another policy is highly restricted or blocked altogether. This allows you to vet traffic in the network: everything is blocked until you explicitly allow it (by moving it into a less-restrained policy).