Regarding my migration from #Fortinet #Fortigates to #OPNsense, the biggest thing that I have found wanting is all the capabilities that come with Layer 2 routing and #NGFWs (Next-Gen Firewalls).

For example, on a Fortigate you can associate an entry with a MAC address and then use that entry for policies: firewall, routing, security, DHCP, etc.

If a device changes IP address, it doesn't matter; your rules don't care, as they match the MAC address.

OPNsense can do none of this. It only filters/runs on IP.

On top of that, since DHCP does not create/update aliases, you have to create DHCP reservations for everything (to prevent IPs from changing) and /THEN/ create an alias for that IP address, so that you can use it in policies. Why isn't this one step? Or automatic?

DHCP is designed to aid in network flexibility, but rules being tied to a fixed IP totally kneecaps the concept of 'when you see this device, do this'.

The DHCP reservation/alias issue is an absurd duplication of effort. It's rather stunning that the option to create an alias FROM a DHCP reservation doesn't exist.