I discuss some “things we want to express” (which could translate to your “groups of visual ques”), here:
I do like your qube properties based idea though. If i could still edit the above post i’d probably add “indication of which sys-firewall-* qube it was using” (or more generally, what qube it’s using as it’s network qube).
One option could actually be changing the window title from something like
[work] user@work: ~
(for a terminal) to something like
[work via sys-firewall-wifi] user@work: ~
or
[work via sys-firewall-only-my-bank] user@work: ~
or
[work with no networking] user@work: ~