Having L3 at the access switch layer have other benefits.

Thx. for the response. I bit the bullet and bought a second identical machine (lenovo tiny m720q) to what I’m running now with pfsense. When it gets here and I get it together I’ll run the second machine with opnsense, in parallel to the current pfsense setup. I’ll probably do something like a double-nat and use opnsense for my esxi and homelab stuff so I can keep pfsense running the rest of the house.

What do you mean other benefits? ACLs? I have pfsense (2x sfp+ lan lacp, 1x mobo gigabit wan), then a Cisco SG500X-24 in L2 mode, then from there I’ve got the mikrotik crs317 and a bunch of cisco sg300 switches. If I make a change I’d probably offload the dhcp server too. What else am I missing?

Should I try to replace pfsense 1:1 with opnsense for now, and then make changes later (or don’t change anything once I’m comfortable)? I’ve been using essentially the same setup for so long I don’t really know much else.

Why are you considering that?

Because the Netgate appliances I’d need to replace my whitebox appliance are either the 6100 or the 8200. So if I offload most of the routing into a L3 switch, and I can put dhcp somewhere else too, then all I need is a little 1100 or 2100 appliance to just do firewall.

My current setup has all my switches in L2 mode and all firewall/routing is done in pfsense. If I break out the routing portion (and dhcp) then I don’t need nearly as much hardware for pfsense.

Why not just move to OPNsense?

I’m buying some hardware that I can run in parallel. I don’t want to just switch to OPNSense, I’d like to know and understand the differences in the software before I just deploy OPNsense.

moving to a level 3 switch.

Moving to a layer 3 switch: Right now I am doing firewall+router on the same appliance. A layer 3 switch will let me break out the firewall/router so that the L3 switch does routing (most of it) and the netgate appliance would do the firewall work.

Since ~2008 all I’ve used is pfsense so moving to opnsense is a little unknown. I’m buying a second piece of hardware so I can try a few different setups and run something in parallel for a few months so I can make an educated decision. I don’t know much about OPN so I don’t want to comment until it’s up and running.