Tried the above settings and I didn't get the result I needed. I can see the full address if i go to Squid proxy server / real time but the word/phrase thats been searched and user that searched it needs to be logged.
It seems like the answer to this depends on the relative performance of your pfSense box vs. the RV340 and the cost of upgrading the former vs. purchasing the latter. It's hard to see how combining them would be advantageous unless your pfSense box is significantly underpowered for gigabit (but if that is true it's not going to be very good to use as a firewall)
It sounds like you have some sort of asymmetric route happening. You may be seeing an ICMP redirect that allows the traffic to pass until it times out.
You need to trace where that syn/ack from the timeclock is going or if the syn ever reaches it.
The first thing I would do though is check the pfSense firewall logs for blocked flagged or outbound traffic.
Well, buying a managed switch is no problem, I just cannot add a second wire to the APs… So I thought it would be unnecessary..
A VLAN to an access point is the usual method for multiple SSIDs. A common configuration is to have the native LAN used for normal users and the VLAN for guests, who are only allowed to access the Internet.
I've applied this fix to my Atom N3150 box with 2 x Realtek NICs. Before, when I would push a lot of traffic (600+ mbps) through the system, either the LAN or WAN interface (or both) would crash. None of the fixes I found on the internet including disabling hardware checksum / hardware offloading under Advanced fixed this.
But I'm happy to report that once I installed this driver, I can push a ton of traffic through the system without too much trouble!