Hi All, I realize this topic is quite old, but I thought I'd post this here just in case someone needed it. I use squid in transparent proxy mode, and also Arlo cameras. I have found a way (though it may be temporary, we have yet to see) to get streaming from inside the firewall to work. Steps: Log-in to your Arlo account (arlo.netgear.com) Open developer options (F12) Click on a stream as-if you were going to watch it a. At this time, you'll see an error which states that you cannot load the stream due to an SSL protocol error. Write down or copy that host name. [image: 1536212770189-a1915064-f496-44b9-9b40-1e5252a0a753-image.png] Open your squid general settings, and scroll down to Transparent Proxy -> Bypass Proxy for these IPs and paste the host name from above. Save your settings and test. This is what I did to allow streaming of video clips, and I hope it helps someone else!

@alexx1923 go to General settings > Advanced Features > Integrations Add below line (use ; to separate new lines) ;http_port YOURCARPIP:SQUIDPORT you can sync squid settings with your backup server. when primary fails carp IP will shift to secondary server and squid will start working with CARPIP in secondary as well. so in general squid will be working with 3 Ips ... LAN IP of primary server, LAN IP of secondary server and CARP VIP . you can give configure CARP VIP in clients or serve in wpad.

@anttechs I am using squidguard, After configuration of blacklist option in General settings i.e http://www.shallalist.de/Downloads/shallalist.tar.gz in Package > SquidGuard > Blacklists you need to hit download button 4-5 times continuously , to get it download blacklist database, make sure it reaches 100%

@ravegen Hello my friend My goal : set proxy (SquidGuard-Cach server-Control Bandwidth with squid ) on VPN conection with LoadBalancing And I have One wan conection and 5 VPN conection on WAN This very simle ... I want pass traffic from VPN (LoadBalancing gateway (5vpn conection)) . also I want to have Squid proxy and SquidGuard ... But squid not compatible with loadbalancing very simple..I want tcp_outgoing_address to another interface and create rule for my traffic Did you realize what I mean?

Great! So looks like it was just a regex issue. Thanks for the follow up. Steve

@denisk I've been waiting for the updates version on pfSense too. Squid 3.5 in my usage slowed down the Internet rather than helping it speed up through caching.

Will what be in 2.4.4? Squid 4.x? Unlikely. 3.5.28 will probably make it in eventually, but it's not in FreeBSD ports yet.

Try setting the redirect mode in Squidguard to ext url move. You will have to redirect to something, you might create a page for that. I hit that same error recently and that worked around it. Steve

@nadmax said in [SOLVED] pfSense / Squid vs Untangle - SSL inspection: I installed E2 Guardian last night - I must say it is a very complete package so there is a bit of a learning curve involved. Way more advanced than the Squid equivalent. Nevertheless, I achieved the results I wanted in about 30 minutes - it works exactly as per my expectations. I still have a lot of tuning to do but I have no doubt that I've found what I was looking for. Thanks! No problem at all! Glad I could help! :) If you have any questions, feel free to shoot them through into the E2 Guardian thread and we'll be more than happy to assist!

You can still do some filtering on HTTPS without the MITM. On E2 Guardian, I have multiple groups setup, some which have MITM enabled and some such as in your case that are for Guest Wi-Fi where I can't properly sneak in the CA. On Squid I believe this is referred to as Bump and Splice all. For my guest Wi-Fi setups, I just use the non-MITM method. This is where the proxy is able to see the domain name without the resource path at the end in order to decide if a website should be let through or not. MITM would obviously allow the proxy to look at the entire URL with the resource path and make a informed decision as to whether or not to allow a website through. I prefer it way more than DNS level filtering as it's more flexible. You can set it up for specific users while others can browse those sites just fine. If you've got sometime, I recommend you give E2 Guardian a shot. It worked out a lot better than Squid in my use case and it has the added benefit of actual phrase filtering.

scratch that, clam av uses its FQDN, which is allowed to pass the clam av white list.

@tazmo I have Pfsense with HAProxy installed in it .can u guide how to do load balance between two AWS EC2 Web server Instance with SSL. Even i have SSL purchased from the 3rd party tool.

@albtech See if this website can help WPAD PAC Proxy Configuration

@periko said in Squid negative speed increase: ng the proxy? Did u use auth? This squid server serve about 1200 to 1500 Users. I don't use auth, no error found, dns google work normal.