It's not just you, on v 2.3.1_1, the Squid package it's broken and doesn't even install. Reported to admin but they are just pretending that it's a user's problem rather than a problem with their software/package….. :( Update:               i just found a whole (locked) thread discussing all the problems of this version, even the admins seems to be having a hard time, i tried this but it didn't work, i even changed the PFSense version i am using from the stable one 2.3.1_1 to the development version 2.3.2 to see if it would make any difference,  but has exactly the same problems. Here is the link if you want to give it a try: https://forum.pfsense.org/index.php?topic=109967.0#msg624257 Update: My problem has been fixed here  https://forum.pfsense.org/index.php?topic=113092.msg631132#msg631132

I've fixed it. The solution was to install abandon pfsense and install ubuntu server 16.04 with the squid3 package. Then configure squid3.conf with some simple values.

I solved it by putting these two urls in the whitelist. How can I debug this to see what being blocked in order to find what causes this issue?

Ahh … still get issue ... i use external radius here meanwhile i disable transparent squid + squidguard since its still broke with cp i hope the dev have solid fix this issue soon

Of course it is. The chance is higher to find a virus, trojan and so on earlier the more security features and tools you are using. Just want to give you an additional argument to decide if it is worth to buy new hardware only for ClamAV or if there are other possibilities to secure your network.

Today I've setup a copy of the problematic instance and I have solved the cause of the issue… The clickable "Target Rules List" field disappears if more than 7 "Target categories" are defined. Looks like one for an bug report... By the way... how do I mark this thread as solved? Lars Created a ticket for this issue: -> https://redmine.pfsense.org/issues/6471

So far the only way I have been able to update is to backup the system. Edit the xml backup and restore… Guess will have to wait for the package to be upgraded.

An out of state packet is one that was part of an established session but that session has since been torn down.  All of those blocks are for a FIN ACK (or FIN PUSH ACK), you will note.  The pfSense side says "I'm going to tear this connection down and close it!"  The other side says "OK", but pfSense has already torn the connection down so it sees the OK reply as an unsolicited new connection attempt and blocks it. https://doc.pfsense.org/index.php/Why_do_my_logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection

Awesome.. thanks Nachtfalke! I wasn't aware of that "System Patches" package. I tried this with my SquidGuard changes today and Squid + SquidGuard were working perfect. Everything seemed great until I did a final reboot test. Something went wrong after that to a point where Unbound and DHCP wouldn't load. I was getting some weird certificate type errors on Unbound. I had to revert back to the other slice to recover. I'll have a bit more of a play though and see if I can get it going. Thanks again!

@gersonofstone: Hi reinstall the proxy reports Hi, I've already re-install. Uninstall and install. But still the same. No log after June 1. :(

Confirming this worked for me as well. my error message was: ERROR: No forward-proxy ports configured.

Hi Blendin_Blandin, For HTTP health checks you can do the following: enable 'ssl' on the backend server Http check method : HEAD Though i would probably set a very low check frequency (once a minute or so.?.) or maybe not check at al.. As for the certificate, as your passing the traffic with mode tcp so haproxy doesnt need any additional settings there, a valid certificate needs to configured for the webgui though for the name your typing in the browser. Regards PiBa-NL