I had the same problem but still haven't received any thing to my question which is on the pfsense forum. Therefore I have work out my self and found some kind of a solution. I suggest you to switch off transparent mode and configure your browser for proxy. use the DNS as your PFsense local IP address and add a dns forwarders in your pfsense. use squid guard to mange url filtering. It will also filter https too. There is a small problem with this. the block pages may not display the error message that you have entered.

@heirkeyso:

Sir,

The diagram what I present to you is not a good practice?

I want to use the pfsense for the purpose to serve as a internet or the pfsense is the giving an internet connection to the user and in the same time I can block the website the are using like the social media(facebook, tweeter and etc)., instant messenger, torrent and etc. for the users and I want also to control whose user will I block or gave a full access for the website or url.

Below are my concern:
-> documentation or manual for setting up pfsense
-> if I already finished set-up the box how can I block the https://www.facebook.com and https://www.twitter.com?
-> setting up port forwarding. is it the same in configuring in link-sys router?
-> Is the i7 processor with 8gb ram will enough for the around 60 users?

Sorry for these questions. I'm just new to pfsense and I just want to know everything before I deploy to our office network.

Thank you in advance for your response.

Precious

Thanks very much to you all…

I have configured my pfsense dhcp to hand out only the ip of my AD DNS...nslookup now works as it should be.

Just like Steve says. When you download a file, your computer starts a new TCP connection for it. And pfSense makes a decision about to which gateway  to route this connection. If it takes either one, it will apparently be 8 Mbps. But if you started second download and your gateways had the same weight, pfSense should choose the other free gateway so you would get another 8 Mbps download.

The information obtained from this website its very helpful to me and I can put to use in everyday life

@tbt_sysad:

Good Day,

i've tried to work around in dansguardian users but so far the result is failed,
maybe you can share some ideas,
any ideas will be much appreciated.
thank you.

squid+dansguardian

tbt_syasd :)

You've got to supply a little more information. How were you identifying the users? Dansguardian has several authentication modules or you can simply use IP address of the client…

"Two pages open at the same time to copy paste"

What??  You Crop and edit in whatever tool your using - its takes seconds to adjust what you want portion of the screen you want, and then tweak it how you want in the tool..  What are you using to take your screenies?

This took all of a maybe 3 seconds to do, and its only 11k..  I could put almost 20 of them in 1 post vs if did the whole screen its 224K and would not fit.

examplepic.png
examplepic.png_thumb

I sold one at $36, I re listed again, so another chance for someone.
http://www.ebay.com/itm/PFsense-Firewall-SFF-PC-FX5620-/171151443134?pt=US_Firewall_VPN_Devices&hash=item27d96bc4be

If your a partner you could always sign up to Microsoft Action Pack… MAPS?

Outlook.com uses more sub domain zones to load the page, so just unblocking outlook.com will not work. Under the code, its secretly pulling data from other website domains. Look at the code its requesting.. Do some network sniffing. Squid can sometimes be a paid. Try using TCPview from Microsoft on the client and try and understand what the client is requesting.

Thanks for the heads up illern. Long story short, we are in a transition to a new website design (finally!) and hope to have it out soon for all to enjoy.

Thanks for the reply Steve.  That's what I was thinking, that there probably isn't any risk of anything breaking out of the tunnel between the ISP and the WAN connection on the pfsense box, but I wasn't sure.

Thanks for the link as well.  I should have mentioned that I'd seen it, but it seemed easier to plug a cable between the modem and one of the switches on the LAN as no other changes were necessary.  I haven't made any changes for NAT on either the modem or the pfsense box, although may have turned it off on the modem a few years ago when I put it in bridge mode as it's turned off now.  I assume the modem is just passing the internet connection to pfsense and not doing any NAT and that pfsense is the only thing doing NAT.

The reason I was thinking of using the modem for wireless is to segregate my Directv network from the LAN by creating a VLAN.  The Directv boxes are networked using coax, but they need to use wireless to get an internet connection without some other piece of hardware I don't have and would have to buy.  I don't like having boxes I don't control on the LAN but the WNDR WAP doesn't do VLAN's.  I could buy another access point, but since the modem's wireless isn't being used I figured why not, assuming I'm not opening up a security hole.  Since it's already working most of the configuration is already sorted out.

Bill

uhm sir kejianshi,

im doing well with dansguardian,
but i have this one scenario when on of users have an access which is not
applicable to others,

i've tried the users in dansguardian but the result is failed,

is it really possible sir?

tnx

Yep - Cool article.  I'm sure they will leave it there.  There is no rivalry.

The results obtained from any vulnerability scanner are open to interpretation.  The fact is that Nessus, run from the inside, will find vulnerabilities.  My own healthcare clients are using a couple of different Unix/Linux firewalls and fare poorly against a Nessus scan - typically DNS vulnerabilities.  Nessus is a good starting point to for a risk assessment but its verdict on your vulnerabilities is not a verdict on your HIPAA compliance.  The best fit for Nessus and HIPAA is when it is used for regular monitoring and inventory - what's different about your network from yesterday or last year?  Nessus scans could have a place in your HIPAA policies, but its scans need to be considered within the overall culture and policy of your organization.

HIPAA security assessments typically center on gap analysis - what are your security policies and are you adhering to them?  Do those policies meet or exceed the standards set by the government?  Have you documented all locations that contain ePHI, either at active or at rest?  Do you have a complete inventory of your information assets?  Do you have backup policies?  Are you adhering to your backup policies?  The law typically tells us what to do, but not how to do it, that's for each organization to define through their policies.  See http://scap.nist.gov/hipaa/ for a good assessment toolkit.

Government HIPAA auditors usually are involved after the fact.  The real HIPAA police are the patients and the healthcare organizations themselves.  Fines await those who expose patient health or financial information.  The fines are not issued because you failed a Nessus scan but instead because you may not have done everything in your power to prevent the exposure of protected health or financial information.