diff --git a/data/common/common.yaml b/data/common/common.yaml --- a/data/common/common.yaml +++ b/data/common/common.yaml @@ -953,11 +953,11 @@ record: staging-gateway.internal.softwareheritage.org data: 192.168.100.125 glyptotek/A: # OPNSense firewall, not managed by puppet - record: glyptotek.internal.softwareheritage.org - data: 192.168.100.128 + record: "%{alias('opnsense::hosts.glyptotek.fqdn')}" + data: "%{alias('opnsense::hosts.glyptotek.ip')}" pushkin/A: # OPNSense firewall, not managed by puppet - record: pushkin.internal.softwareheritage.org - data: 192.168.100.129 + record: "%{alias('opnsense::hosts.pushkin.fqdn')}" + data: "%{alias('opnsense::hosts.pushkin.ip')}" internalgw/A: # Firewal(s)l vip, not managed by puppet record: gw.internal.softwareheritage.org data: 192.168.100.130 @@ -4329,7 +4329,11 @@ netbox::vhost::hsts_header: "%{hiera('apache::hsts_header')}" opnsense::hosts: - - pushkin.internal.softwareheritage.org - - glyptotek.internal.softwareheritage.org + pushkin: + fqdn: pushkin.internal.softwareheritage.org + ip: 192.168.100.129 + glyptotek: + fqdn: glyptotek.internal.softwareheritage.org + ip: 192.168.100.128 opnsense::prometheus::port: 9100 opnsense::prometheus::metrics_path: /metrics diff --git a/site-modules/profile/manifests/opnsense/monitoring.pp b/site-modules/profile/manifests/opnsense/monitoring.pp --- a/site-modules/profile/manifests/opnsense/monitoring.pp +++ b/site-modules/profile/manifests/opnsense/monitoring.pp 
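Review bot: The glyptotek/A and pushkin/A records carry no comment saying where their values now come from, and the `opnsense::hosts` definition sits several thousand lines further down the file. A short pointer above each `record:` would help, for example `# fqdn/ip taken from opnsense::hosts, which also drives the Icinga and Prometheus config`. Because the firewalls' DNS entries now follow that key, a more specific hierarchy layer that overrides `opnsense::hosts` or drops one of the two entries would presumably change or break these records too. I have not checked how `alias` resolves a missing subkey, so a catalog compile per environment is worth doing before merge.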
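Review bot: `opnsense::hosts` changes from a list of names to a hash of `fqdn`/`ip` entries, and nothing in the data file documents or enforces the new shape. Only the opnsense monitoring manifest is adapted in this commit; any other lookup of the key, or an override in another Hiera layer still written as a list, is not visible here and would need the same update. I would add a comment above the key, e.g. `# short name => { fqdn, ip }; used by the monitoring profile and the glyptotek/A and pushkin/A records`. Typing the lookup in the manifest as `Hash[String, Struct[{fqdn => String, ip => String}]]` would make a malformed entry fail at compile time rather than yield a monitoring object without an address.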
@@ -7,30 +7,33 @@ $icinga_checks_file = lookup('icinga2::exported_checks::filename') $icinga_zonename = lookup('icinga2::master::zonename') - $fw_hosts.each | $host | { + $fw_hosts.each | $host, $config | { + $fqdn = $config['fqdn'] + $ip = $config['ip'] - $target = "${host}:${fw_prometheus_port}" + $target = "${fqdn}:${fw_prometheus_port}" - profile::prometheus::export_scrape_config { $host : + profile::prometheus::export_scrape_config { $fqdn : target => $target, scheme => 'http', metrics_path => $fw_prometheus_metrics_path, } - ::icinga2::object::host {$host: - display_name => $host, + ::icinga2::object::host {$fqdn: + display_name => $fqdn, check_command => 'hostalive', - target => "/etc/icinga2/zones.d/${icinga_zonename}/${host}.conf", + address => $ip, + target => "/etc/icinga2/zones.d/${icinga_zonename}/${fqdn}.conf", } - ::icinga2::object::service {"opnsense https on ${host}": + ::icinga2::object::service {"opnsense https on ${fqdn}": service_name => 'opnsense', import => ['generic-service'], - host_name => $host, + host_name => $fqdn, check_command => 'http', vars => { - http_address => $host, - http_vhost => $host, + http_address => $fqdn, + http_vhost => $fqdn, http_ssl => true, http_uri => '/', http_onredirect => sticky
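Review bot: The HTTPS service check still sets `http_address => $fqdn`, so it goes through DNS while the host object in the same loop is now pinned with `address => $ip`; a resolver problem would then report the firewall UI as down while hostalive stays green. Using `http_address => $ip,` and keeping `http_vhost => $fqdn,` makes both checks reach the same address and still sends the expected Host header. `$config['fqdn']` and `$config['ip']` are read without any check, so an entry missing `ip` would, as far as I can tell, leave `address` undefined instead of failing the compile. The `$fw_hosts` lookup is above this hunk, and the `each` block and the service resource continue below it.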