Enable external authentication support for rules
Well, i am sad to see that pfSense doesn't handle external authentication support for rules, which means pfSense can't effectively replace Watchguard on our company.
In our company, when we create a user in Active Directory, we put them in a group depending on their browser privileges and we don't have to touch Watchguard. This means that we would have to manually map all user accounts to their respective computers, and add those computers to an alias, and still lose functionality, since sometimes users browse from other computers (for example: when someone is on vacation, and the coworkers need to log on their machines)
I estimate this hasn't been implemented for basically two reasons: 1) it's work to be done 2) it will severely impact pfSense's rule processing performance.
For 2), perhaps there can be an option to cache the first user logon on pfSense itself so to avoid delays, and handle it internally by a special alias.