This is more for either inner firewalls or business use for instance when you have fixed Public IPs I don't think it would be practical with DHCP as the IP address on the WAN side needs to remain "constant" for NAT and I'm not sure if you would be able to transfer that from one firewall to another, unless it was done manually I'm not much of a fan of virtual firewalls, but because of the cost savings, companies seem to be favouring them, even on the Internet facing side If you're running a hypervisor though, a virtual firewall can make a useful inner firewall It's always annoying when a firewall crashes due to a software problem, and HA can help deal with that as you usually only need to reboot the primary to it up and running again

@@TechTutorialsDavidMcKone ups, thank you and I am disapointed with that situation ;-(

I'm building a list of OPNsense videos to do, so if there's anything you want covering, let me know and I'll see what I can do

@@TechTutorialsDavidMcKone 1) -Tailscale with selfhosted Headscale with remote access (aka: let me configure network in my grandma's house), 2) - wireguard with easy clients config, 3) - replacing ssd/hdd in case of failure, 4) - maintenance i.e. failed config or self lock out, 5) - guest network with Captive Portal and dedicated (or not) wireless access point - just few ;-)

​@@TechTutorialsDavidMcKone I'd like to see adding a fall over on the wan side, so when isp goes down I can use my phone or similar, or second line to provide another wan. I'm currently on unify (USG), but looking to move away, but have this ability.