Yamiraan Hello, SYS Firewall belongs to your system firewall, while NginxWAF belongs to your web server firewall. In the computer OSI model, the system firewall is at the network layer and NginxWAF is at the application layer, as an example.
If your website is being attacked by CC, if you block the attacker's IP on the system firewall, then it is directly blocked at the network layer and he cannot get to the web application layer, so this way works better, if it is blocked on NginxWAF, it may consume your server resources to intercept and return to the attacker errors or information or code that he does not want (444|416, etc.)