I understand you your speaking quite well as I have a few family members by marriage of German decent. I have spent a great deal of time with and have come to be able to pickup what they are saying quite easily. As far as the reading you mentioned goes, reading is not the issue. The issue is understanding the terminology and most writings about pfsense, don't go into great detail " in laymen's terms " on what things do in the program. When coming to these threads, one really has to rely on the quality of the responses which can be shaky at times. Answers are answers; but if they are not intelligible by the reader, then they haven't provided the help desired and this is my biggest issue so far. I really appreciate that you have taken time to assist and it has definitely pushed me to tinker a little harder and see what does what. For squid and squid guard. since I figured out that the blacklist requires daily updating, I followed the instructions I mentioned for cron and it seems to be doing what it is supposed to. Frankly, I'm a little blown away that squid doesn't have a native option for this. For proxy and wpad. I worked my way through he directions and the proxy works. WPAD not so much. Even though I created the files, placed them in the correct directories and added the DHCP rule, my computers still bypass the proxy unless I go into the internet option on my browsers and point them to the proxy. I can verify this using light squid. Additionally, with squid guard, the rules set for website types don't pickup unless, I add the setting for the proxy in the browser. These above are the issues that still remain and I'm not ruling out user error in my settings. Just really hoping that someone else has experience the same issues and can pass along what they did to fix them.

The culprit i have found it in fact to be the "Antivirus", ClamAv and I-cap. The speeds are nearly identical, up above 90/70 with it turned off. With it on upload in particular is hitting around the 30 mark. Barely over at times. Any suggestion(s) in tuning ClamAV and I-Cap?

I think that it has something to do with your Squid config. Check the ACL and throttle tabs. Make sure that your settings are correct. Read the directions.

on a clean install of 2.2.3 it starts up and runs (needs to sit a while after doing the first update) then it gives the "Warning: file_put_contents(/usr/local/etc/havp/havp_conf.xml): failed to open stream: No such file or directory in /usr/local/pkg/havp.inc on line 604" but does work with the latest update

Sigh. No, pfSense does not reinstall package on reboots. It reinstalls them on upgrade. It clearly failed with the squidGuard junk.

Are you blocking port 80 on the Lan2(wifi) interface? Also, if squid is on the default Lan interface you need a both in both interfaces that allows them to talk to each other or just the squid Lan address to port 80. These rules have to be above the rule that blocks port 80 (if any) on both interfaces. i.e. LAN                                                                        LAN2 lan add – lan2 * (allow)                                  lan2 * --- 80 lan add (allow) lan2  *  -- 80  lan add (allow)                          lan add  --- 80  lan2 * (allow)                                lan *  ---  80 * (block)                                    lan2* --- 80 * (block) This is of course if you only want the two interfaces to communicate via port 80 only. Otherwise set for allow all.

@commy: Squid3 seems to ignore IPv6 traffic, which is coming over a tunnel with HE. I do not see any options to switch IPv6 on. Is it not supported? It looks like the used verision 3.0 of Squid does not support IPv6, it only listens on IPv4. According to Squid documentation, Squid 3.1 is required for IPv6. I hope that it will bundled with pfSense, soon.

Hello all, I am not an expert in any of this by no means so can someone help with setting the helper to pull attributes from AD or else just the username ip/hostname of the machine? I simply need this for accounting. To see who is who and doing what. Security is not that big of any issue. Thanks.

Sure, I'm willing to post it after some of the bugs are fixed. Maybe some talented community people could improve upon it from there.

@jbhowlesr There are also two books out: pfsense the definitive guide Squid Proxy Server 3.1: Beginner's Guide It may helps you faster go deep into the things

@TheLimey: See here for update: https://forum.pfsense.org/index.php?topic=87526.msg537585#msg537585 This is good news!  I would be willing to test it if it wouldn't mess up the GUI package management down the road.

So allow any port to the webhoster's FTP server only, if they insist on restricting other traffic. If they send their credentials like this, they'll just have the website defaced sooner or later.

Hmm I'll compare package versions and see if that figures in.

At general to talk about your amount of RAM, a safe number is 10 MB RAM for every 1 GB of cache space on disk. Please have also a look to all other services that should be running smooth, like Snort, like pfSense it selfs,….... Squid Package Tuning would be a good point to start. Squid Proxy Server 3.1: Beginner's Guide & pfSense: The Definitive Guide Version 2.1 I think this two books would be also really interesting for you if you want to dive deeper in the material, for longer winter's evenings.

WPAD Autoconfigure for Squid This is the 3rd time I've linked to this for you.  Read it.  It's not hard.

Dear, good morning, I arrived at the forum by a concern for days (not to say weeks) brings me headaches. I need to mount squid web cache. I currently have a fortigate 80c makes content filtering, validated by Active Directory user (This ad group has permission to enter Facebook and such other does not). The problem is that putting squid (transparent mode or not) I become user filter that makes me fortigate (I assume for some issue that makes me nateo squid, correct me if I'm wrong). Currently I have installed 2.2.3-RELEASE (amd64) with squid3. Someone might throw me a line about how you can do so squid does not make me any change in the source IP or the user who is making the request, so that in this way the filter can continue to operate and fortigate page caching ? I also read configure WCCP theme, but my fortigate (humble) has no more available ports that the 2 wan and internal, which if not working. Anyone have any suggestions? Thank you in advance and I look forward to your life. Regards.

This may be related to empty blacklist after a reboot. this script created by carlospicture placed on /usr/local/etc/rc.d may help: #!/usr/local/bin/php -f     $incl = "/usr/local/pkg/squidguard_configurator.inc";     if (file_exists($incl)) {         require_once($incl);         sg_reconfigure_blacklist( "http://www.shallalist.de/Downloads/shallalist.tar.gz", "" );     }     exit; ?>

Start from the beginning.  Which version of pfSense, squid, squidguard?  Start with squid first.  Get it to the point where it's processing properly by shelling in and checking /var/squid/logs/access.log in realtime.  Once you know squid is processing, then install and configure squidguard.  Don't use transparent mode, use explicit mode with WPAD instead.