OPNsense Forum
English Forums => Zenarmor (Sensei) => Topic started by: athurdent on June 07, 2021, 05:19:54 pm
-
Hi,
with the planned feature Device Identification & Asset Discovery, will we be able to use identified devices in a policy or and exception rule?
Some of us can only use IPv6 with dynamic prefixes, and we would not be able to identify a client properly, as the prefixes and IPs change. Plus, modern clients tend to use IPv6 privacy extensions which makes it hard to identify them, even with a fixed prefix.
An alternative would maybe be the ability to use MAC addresses in a policy or exception rule?
Any thoughts? Thanks!
-
Hi @athurdent, thanks for the suggestion. Yes, as you've correctly guessed, we were planning to handle that with device auto-discovery and identification.
But this might be a good interim solution while we get it ready. We'll try to get MAC addresses in exceptions & policy definitions in the 1.10 release.
-
Thanks as always @mb, this sounds perfect! :)