thinking along the same lines as @jarhead over here. consistently power cycling all devices after making any reconnections is going to be important here.
spoofing L2 addresses is a bad idea and inevitably a bad time. i would avoid it entirely.
it also might not be a bad idea to confirm that the ISP doesn't need to whitelist the MAC of your pfSense WAN NIC. it's possible that their whitelist is only 'enforced' when it detects a router at the other end (to put it crudely)—so it'd stand to reason that you can successfully directly connect to the ONT with your PC but not with the pf host, a router. worth a quick call to avoid chasing your tail.