Hi pfSense users, fans and professionals. 
I’m a bit lazy here now instead of spending a few hours/days on duckduckgo to search for an answer, so i will ask if any of you have the answer. 
When using whitelist and sticky ports to lock down the network so only devices with the right Mac can connect… when you clone the Mac to get around it, has pfSense some kind of plugins that can detect the new device no longer have the right fingerprint.
I wish you all a nice day.
I’m not sure on what you are asking. Port Security / MAC filtering is a link layer (L2) switch feature. pfSense operates at the network layer (L3). You cannot filter based on MAC addresses in pfSense. Also what is this fingerprint you are referring to?
I would have to agree with @paolo. Port security is done at the switch and wouldn’t be at the firewall level when dealing with MAC addresses.
Sorry for my bad english explanation. I was thinking if pfSense had some plugin similar to Cisco’s ISE