Yeah there are going to be a HUGE amount of false positive on the free and or even the paid threats.  This is the very nature of IPS… It takes a lot of time to tweak it for a specific network to not show lots of noise..

It just blows my mind how users think oh clickity clickity full blown IPS for free and zero noise or false..  Like saying hey you know which end cuts on that scalpel, sure your ready that open heart surgery then ;)

Do you really think IT is that easy that any billy bob can push a few buttons on a gui and be all set with something like a IPS???

How come users don't think they can tear apart their transmission and rebuild it - but any tom off the street thinks he can fire up a IPS system to block down stream natting with a click of a button? ;)

Cheers. I knew it would be something simple I missed. Had to put the outbound rule for the VLAN for OPT1.

Now it's all working. As soon as I type the last reply I realised my error. Sometimes it just needs a fresh pair of eyes.

Thanks

https on squid is a mega pain.

Checkout pfblocker for a cleaner internet. (ad free)

That post on the site was from 4 years ago alot has changed

There is no need to create an alias.  All your networks you create n pfsense will automatic have a listing and will be in the destination dropdown when you create the rule…

@johnpoz:

"The Unifi AP is on port 39, 41 & 43"

Then vlan 1 if that is your 192.168.0/24 network needs to be untagged on these ports if you want to be able to talk to them, same with your controller it needs to be on a port that is untagged.

if your going to want to use vlans between switches then the ports connecting them should carry all your vlans tagged..

thanks johnpoz it worked  :)

pfSense 2.4.3 works great with PC Engines APU2.
I run addisional darkstat, unbound and openvpn.
And having traffic shapening setup - "my internet connection" has never been better!
Also I done some dns adjustments to get it even abit faster :)  google namebench

Can this be some kind of issue with my bios?

Can you help me with the procedure?

No.  It has nothing to do with pfSense.  While I have compiled squid from source before on Ubuntu, that was a few years ago.  Perhaps I was unclear.  When I said you would need to spin up your own server, I was talking about a Linux box for instance, not another pfSense.  Compile squid form source on a Linux box and then use that squid.

Is that could be a security issue?

Nothing to do with security.

A better solution might be to allow this specific user to go around the proxy.

As the squid page notes, this has only been tested up to 32K and your URL is 36K, so it may not even work.

By default, you cannot connect to WebGUI via WAN, only LAN.  If you want to enable WebGUI from WAN, see this:

https://doc.pfsense.org/index.php/How_can_I_access_the_webGUI_from_the_WAN

Also note you should edit your WAN interface (Interfaces - WAN) and uncheck the Block private networks and loopback addresses option.

Overkill.

Just as an update, if you check the ticket we just merged a fix from PiBa. Thanks!

once you rules load correctly it should be there. 5,000,000 is a bit drastic.. 400,000 should be more than enough and is going to be the new default.

You should always be able to cycle if antilock is enabled disabled under

System / Advanced / Admin Access

If your device has integrated graphics and a BIOS setting to specify how much system memory will be dedicated to the graphic card you can set this to the smallest available amount.

you using xn interfaces in Xen?  I don't think they support vlans..

While Ciscos are great (probably SG300 or 350 series?) they aren't cheap.
Some users here like these D-Link DGS-1100-08 GBit switches.
Compared to the Cisco SG300/350 they are smart switches "only" and not fully managed.

In System->Advanced->Networking, There is a section, which name is Network Interfaces.There are five options,  Device polling,  Hardware Checksum Offloading,  Hardware TCP Segmentation Offloading,  Hardware Large Receive Offloading and  ARP Handling. All of them are not checked.

Yes all are blocks !