Plus One ! An article suggests tha SonicWall also uses MITM to block HTTPS content. https://www.sonicwall.com/en-us/support/knowledge-base/170505508942849 They call DPI-SSL but it seems like a MITM/SSL-Bump solution. Regards.

See alternative to SquidGuard and Dansguardian / e2. GUI is own though and harder to install than desired. https://docs.diladele.com/tutorials/filtering_https_traffic_squid_pfsense/index.html

You have to import the CA into firefox manually. Its under options/advanced/certificates/view certificates/import.

You have two certificates there (webGUI + CA), or just one?

No, absolutely NOT. You need to have your own CA so that Squid can issue certificates for arbitrary domains on the fly. Otherwise, use "Splice All".

That is generally not what people are asking for when they want "Inspection." But it does work pretty well.

Hello, did you find any solution?

Your cache settings look ok.  Perhaps related to the content you're trying to cache?  Reproduce the problem and then post your access.log.

Im now able to access normal websites, i just have to fix it on https sites, thanks for the help.

Just because you are getting a message from Squid when using Squid doesn't mean it's a Squid problem. Squid got a connection reset from the server (or from something else in the way). That's all. Go figure why the server is resetting the connections. Perhaps they use some "helpful" IDS/IPS in place doing this when someone accesses WP admin via a proxy (yes, I have seen those). Squid isn't doing anything here. It simply received RST before it expected that to happen. Another example: https://wiki.squid-cache.org/SquidFaq/TroubleShooting#What_does_.22sslReadClient:_FD_14:read_failure:.28104.29_Connection_reset_by_peer.22_mean.3F

The reason why SMTP stopped working? I don't Know… How I solved it? In "Services" -> "Squid Proxy Server" -> "ACLs" i went to the field "Unrestricted IPs" and set my LAN net in CIDR Format (192.168.1.0/24), then I went to the field "ACL SSLPorts" and set this "2096 587 443 563" After saving, aplying and a reboot, the SMTP was working again. Greetings!

It should work for all devices using pfSense as their gateway.  I assume you have tcp 80/443 blocked on all LANs to force the proxy use?  Your wireless network is on the same subnet as LAN?  Otherwise you might have to include that network in squid's ACLs - Allowed subnets section.

Read this: https://wiki.squid-cache.org/Features/CustomErrors?highlight=%2528faqlisted.yes%2529#Custom_error_pages_not_displayed_for_HTTPS https://redmine.pfsense.org/issues/6777#note-2 Not a Squid issue. This is how browsers are implemented.

**.**windowsupdate.com P.S. Google the difference between URL and domain.

Good question! Ive been looking at HAProxy and reading some instructions I would like to find the same example for  Squid Reverse proxy!