Check with firebug or embeded site debug available on current browsers. Check network status to see it the authentication are poping up for each image. Or if show site erros on JavaScript

Does it look like what you need?

[Internet] [real IP address] [Proxy 1] – 192.168.4.70  [192.168.4.0/24]  192.168.4.80  –--- [Proxy 2] –--- 10.30.30.1    -----  LAN users
                                                  --  192.168.5.70  [192.168.5.0/24]  192.168.5.80  –--                ----- 10.30.30.2    ---------

When you give IP to users, will it be proxy IP or gateway IP?
Or it does not matter?
Why do you need to mask proxy, exactly? Could you explain in detail, preferably live example?
Are you good at networking or newbie ?

if it helps for web filtering

https://forum.pfsense.org/index.php?topic=112335.0

You'd have to set that in your squid settings somehow. All the firewall sees is the client talking to the proxy on the proxy port. Beyond that it's the proxy handling whatever the client wants.

Its a project for work so I do need the https filtering but as its BYOD I can't push certs. Splice all works, its just that there is no url database that comes close to what Fortigate offers. I didn't expect it would work as well, the databases being provided for free after all.

So I do want https filtering I just don't want to push certs but all sichent posts assume I'm ok with certs ;)

In short: Splicing blocks https but the lack of a solid (paid) database means pfsense won't be an alternative to our Fortigates.

https://forum.pfsense.org/index.php?topic=124402.msg688335#msg688335

Hi

a big thanks
The problem was i don't define a name for the acl action  :-[ :-[ :-[

thank you for your help.

Lolo

Sorry, I was absent and haven't access to forum

I find source of problem. It's appear when in field "Remote syslog host" I fill "/var/run/log", recommended for local logging. And after I clear this field - no problem with log files. But I not see any messages from Haproxy in local log.//

i have apply the modification,

i will see today  if there are any changes (i have meet the problem not with the portail 365 but the outlook 201x)

an other question when we use splice whitelist bump otherwise, (squidguard will not work ??), so we should enter the domains that we will allow in acls whitelist ?? just that ?? the target categories of squidguard also no ??

Thanks

Create Aliases Called add WindowsUpdate and the following list for the networking group
157.54.0.0/15
157.56.0.0/14
157.60.0.0/16
65.52.0.0/14
70.37.0.0/17
70.37.128.0/18
207.46.0.0/16
131.107.0.0/16
66.119.144.0/20
23.96.0.0/13
204.79.195.0/24
204.79.196.0/23
208.76.44.0/22
208.68.136.0/21
216.220.208.0/20
209.240.192.0/19
204.14.180.0/22
206.191.224.0/19
192.92.90.0/24
208.84.0.0/21
104.40.0.0/13
192.197.157.0/24
204.231.192.0/24
104.208.0.0/13
129.75.0.0/16
204.79.179.0/24
64.4.0.0/18
167.220.0.0/17
167.220.128.0/18
167.220.192.0/19
192.92.214.0/24
207.68.128.0/18
13.64.0.0/11
13.96.0.0/13
13.104.0.0/14
146.147.0.0/16
52.145.0.0/16
52.146.0.0/15
52.148.0.0/14
52.152.0.0/13
52.160.0.0/11
52.224.0.0/11
52.96.0.0/12
52.112.0.0/14
52.120.0.0/14
52.125.0.0/16
52.126.0.0/15
52.130.0.0/15
52.132.0.0/14
52.136.0.0/13
138.196.0.0/16
150.171.0.0/16
40.74.0.0/15
40.76.0.0/14
40.80.0.0/12
40.96.0.0/12
40.112.0.0/13
40.120.0.0/14
40.124.0.0/16
40.125.0.0/17
40.64.0.0/13
40.126.128.0/17
40.127.0.0/16
40.126.0.0/18
204.13.120.0/21
204.152.18.0/23
Then you go to Services –-> Squid Proxy Server ----> Bypass Proxy for These Destination IPs
Enter the created aliase called WindowsUpdate
And this way it fixes all the updates for Windows with Transparent Proxy

@ozbob:

After updating to pfsense 2.3.3 lost squid ntlm integration I installed with a samba script

Shit like installing Samba on the firewall is NOT supported.

::) ::) ::)

What kind of states are there? On wan or lan side? Having a acl or not should have no effect to the number of states.. Are you using transparent-Client-Ip on the backend?

To get rid of states you could possibly make some stateless floating rules, then pfsense wont track states anymore. Make sure to allow both ways and all types of flags..

False positives need to be reported to signatures maintainer, not here

When I try to request a certificate, I get an error.
The manual call of the URL supplies a service unavailable.

http://aaa.bbb.com/.well-known/acme-challenge/key [123.123.123.123]: 503

I think the ACME-Backend works not as expected.
How can I configure the firewall/HAProxy to listen on port 8080 for serving the files ACME wants to see?

You may look at the package Service Watchdog also for restarting stopped services.

If you are using this broken thing, then kindly fix the permissions are noted in the readme.