hello, Not sure how often you would like to upload/process your logfile. you can: configure cron to send it via email, configure your "log collector box" to: – sftp/scp to pfsense and get the file to its drive, -- ssh to pfsense and copy file to its drive (not sure if there is pfsense supports sshfs), quite a few options i'd say.

Oh, ok - figured it out….Squid has to listen on loopback (Reverse Proxy interface), NAT rule has to redirect to loopback (Redirect target IP), and NAT reflection has to be disabled (not 100% sure on this one but will test some more). After that, seems to work ok - only issue I'm running into is getting an automatic redirect to the /owa folder - if anyone has anything on that I'd appreciate the info - thanx.

To the WAN IP, where the proxy is listening. Sigh.

@doktornotor: OK, hire some admin I guess. Thanks for the advice…

Do NOT edit the config files, use the GUI.

OK, thanks for verifying.

No, not ATM. https://redmine.pfsense.org/issues/1620

A slightly longer answer is that any SSL/TLS endpoint that is going to decrypt and authenticate incoming HTTPS connections MUST have a certificate because it's the cryptographic identification and authentication of a peer. If an SSL/TLS server you're connecting to claims to be 'www.example.tld' it must present a certificate (preferably signed by a trusted third party so it verifies correctly) with a CN (common name) 'www.example.tld', otherwise the SSL/TLS handshake will be aborted if the server can not present such certificate.

try this ldapusersearch ldap://dc1.domain.com.uy:3268/dc=domain,dc=com,dc=uy?sAMAccountName?sub?(&(sAMAccountName=%s)(memberOf=CN=Internet,OU=Grupos,dc=domain,dc=com,dc=uy)) "Internet" is my AD group located at "OU=Grupos"

All I can suggest here is starting a bounty for a complete package rewrite. Apparently noone will touch the current buggy code, since it's completely unreadable mess. Unfixable. Alternatively, get some blocklists in Squid's ACL format and use those.

(And, FWIW, about 99% sure this has completely nothing to do with "Bypass Proxy for These Source IPs" or any other Squid configuration. If you cleared whatever other fields, or simple re-saved the Squid config without doing any changes whatsoever, it'd have the same effect (restarting services, reloading firewall, working again until it breaks for god knows what reason…)

@doktornotor: It is intercepting just fine. Recently discussed in the proper forum. If things break, use the manual config, or don't MITM. apologies if I wasn't clear in my post - I am not implementing MITM and have never enabled it.  It would appear that while all other SSL traffic bypasses the proxy just fine (as intended), this one API call with the :443 appended may indeed be SSL but is attempting to go through the proxy.

that's correct.

That block of text is configurable in squidGuard's options.

@doktornotor: @sprinteroz: I found the setting in pfblockerBg that you where talking about but i could not work out what you meant by Force Reload all. Click the Update tab. Ok thanks done… Just a quick question before i install squidguard again how do i change the lists in squadguard once its installed encase I would like to add or remover rules on the lists.

Not ATM, no. Offload it to a logserver and do whatever you want with that, perhaps. (ELK, …)

would you mind telling me the model of Sophos UTM that you have before?