I found that lancache is better at caching Steam and Windows updates than Squid, though you can set up Squid to cache these updates. The best way to do it is the following:
Install Squid, set it up, and add refresh patterns: https://github.com/mmd123/squid-cache-dynamic_refresh-list
Configure all clients to use the proxy manually, or set up pfSense to use WPAD to do it automatically. For software that does not support proxy autoconfiguration, enable transparent proxy; do not rely on only the transparent proxy, as it can break things.
Enable transparent SSL, and under SSL/MITM Mode either select spliceall or, if you want to cache some SSL, select custom4a. Under Custom Options (SSL/MITM) you can create your Squid rule. For example, if you do the following:
Create a txt file at
/home/bumpsites.txt
/home/excludeSites.txt
The bumpsites.txt file lists all the sites you want to decrypt so you can cache them; an example will be like this:
download.nvidia.com
us.download.nvidia.com
international-gfe.download.nvidia.com
This will bump the NVIDIA driver URL and will allow you to cache the update.
While it may seem nice to bump and decrypt everything, sadly that breaks a lot of things, and not everything can be cached. So the best option is to see what the biggest download URLs on your network are; first see if you are able to decrypt and cache it without any issues, then add it to the list and restart Squid.
Play around with it and let me know how you go.
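One way to find the biggest download hosts mentioned above, as an added example that is not part of the original post: it tallies bytes per host from Squid's native access.log format and lists hosts whose traffic is mostly passing through as undecrypted tunnels. The function names, the 100 MB threshold and the sample lines are assumptions, as is the log showing hostnames rather than IP addresses on CONNECT lines.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log format (not real traffic).
SAMPLE_LOG = """\
1700000000.101 91234 192.168.1.20 TCP_TUNNEL/200 734003200 CONNECT us.download.nvidia.com:443 - HIER_DIRECT/203.0.113.10 -
1700000050.202 80011 192.168.1.21 TCP_TUNNEL/200 734003200 CONNECT us.download.nvidia.com:443 - HIER_DIRECT/203.0.113.10 -
1700000100.303 4021 192.168.1.20 TCP_MISS/200 524288000 GET http://dl.example.net/game/chunk1 - HIER_DIRECT/203.0.113.20 application/octet-stream
1700000200.404 310 192.168.1.22 TCP_HIT/200 524288000 GET http://dl.example.net/game/chunk1 - HIER_NONE/- application/octet-stream
1700000300.505 120 192.168.1.22 TCP_TUNNEL/200 48211 CONNECT mail.example.org:443 - HIER_DIRECT/203.0.113.30 -
not a log line
""".splitlines()

def host_of(method, target):
    """CONNECT targets are host:port; other methods log a full URL."""
    if method == "CONNECT":
        return target.rsplit(":", 1)[0].lower()
    return (urlsplit(target).hostname or "").lower()

def tally(lines):
    """Sum bytes per host: total, served from cache, and passed through as a tunnel."""
    stats = defaultdict(lambda: {"bytes": 0, "hit_bytes": 0, "tunnel_bytes": 0})
    for line in lines:
        f = line.split()
        if len(f) < 7 or not f[4].isdigit():
            continue  # skip truncated or malformed lines
        result, size, method, target = f[3].split("/")[0], int(f[4]), f[5], f[6]
        host = host_of(method, target)
        if not host:
            continue
        s = stats[host]
        s["bytes"] += size
        if "HIT" in result:          # TCP_HIT, TCP_MEM_HIT, ...
            s["hit_bytes"] += size
        if method == "CONNECT":      # spliced or tunnelled, so never cached
            s["tunnel_bytes"] += size
    return dict(stats)

def top_hosts(lines, n=5):
    """Hosts ordered by total bytes transferred, largest first."""
    return sorted(tally(lines).items(), key=lambda kv: kv[1]["bytes"], reverse=True)[:n]

def bump_candidates(lines, min_bytes=100_000_000):
    """Hosts with heavy tunnelled traffic: worth testing before adding to bumpsites.txt."""
    heavy = [(h, s) for h, s in tally(lines).items() if s["tunnel_bytes"] >= min_bytes]
    return [h for h, _ in sorted(heavy, key=lambda kv: kv[1]["tunnel_bytes"], reverse=True)]

if __name__ == "__main__":
    for host, s in top_hosts(SAMPLE_LOG):
        print(f"{host:35} total={s['bytes']:>12} hit={s['hit_bytes']:>12} tunnel={s['tunnel_bytes']:>12}")
    print("test for bumping:", bump_candidates(SAMPLE_LOG))
```

Hosts with small tunnelled volume, such as the mail host in the sample, stay off the list, which keeps the set of decrypted sites as short as possible.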