OPNsense Forum

English Forums => Zenarmor (Sensei) => Topic started by: athurdent on June 07, 2021, 05:19:54 pm

Title: Roadmap "Device Identification" feature question or identifying IPv6 clients
Post by: athurdent on June 07, 2021, 05:19:54 pm

Hi,
with the planned feature Device Identification & Asset Discovery, will we be able to use identified devices in a policy or and exception rule?
Some of us can only use IPv6 with dynamic prefixes, and we would not be able to identify a client properly, as the prefixes and IPs change. Plus, modern clients tend to use IPv6 privacy extensions which makes it hard to identify them, even with a fixed prefix.
An alternative would maybe be the ability to use MAC addresses in a policy or exception rule?
Any thoughts? Thanks!

Title: Re: Roadmap "Device Identification" feature question or identifying IPv6 clients
Post by: mb on June 09, 2021, 12:52:54 am

Hi @athurdent, thanks for the suggestion. Yes, as you've correctly guessed, we were planning to handle that with device auto-discovery and identification.

But this might be a good interim solution while we get it ready. We'll try to get MAC addresses in exceptions & policy definitions in the 1.10 release.

Title: Re: Roadmap "Device Identification" feature question or identifying IPv6 clients
Post by: athurdent on June 09, 2021, 03:57:06 pm

Thanks as always @mb, this sounds perfect!  :)