@AndyD Finally an explanation what happened after 2.4 where HAProxy performance dropped like a stone :), lets hope this comes to CE version too.

@JonathanLee

There is an Unofficial-pfSense WPAD package

https://forum.netgate.com/topic/116163/unofficial-wpad-package-for-pfsense-software

https://github.com/freitasbr/unofficial-pfsense-wpad

Works really well if you want to run a proxy and do not want to fully rely on the transparent proxy (which can have connection issues on some programs like sites not working in chrome).

You can also set it up manually however the package makes it easy.

Check to see if your ports are set correctly.

@rpm5099 my config contains a lot of frontends and backends and sensitive information but here is the backend websocket info which you can't see from the screen shots. Hope this helps.

backend webapp_websockets_app_ipvANY
mode http
id 119
log global
http-response replace-header Set-Cookie "^((?:(?!; [Ss]ecure\b).)*)$" "\1; secure" if { ssl_fc }
http-check send meth GET uri /wssapp ver HTTP/1.1\r\nHost:\ mydomain.com\r\nConnection:\ Upgrade\r\nUpgrade:\ websocket\r\nSec-WebSocket-Key:\ haproxy\r\nSec-WebSocket-Version:\ 13\r\nSec-WebSocket-Protocol:\ echo-protocol
balance roundrobin
timeout connect 5000
timeout server 50000
retries 1
load-server-state-from-file global
option httpchk
timeout tunnel 1h
http-check expect status 101
timeout http-request 10s
timeout http-keep-alive 2s
timeout queue 5s
timeout server-fin 1s
acl hdr_websocket_key hdr_cnt(Sec-WebSocket-Key) eq 1
acl hdr_websocket_version hdr_cnt(Sec-WebSocket-Version) eq 1
acl hdr_connection_upgrade hdr(Connection) -i upgrade
acl hdr_upgrade_websocket hdr(Upgrade) -i websocket
acl ws_valid_protocol hdr(Sec-WebSocket-Protocol) echo-protocol
http-request deny deny_status 503 if !hdr_connection_upgrade !hdr_upgrade_websocket !hdr_websocket_version !hdr_websocket_key
server websocketServer-37 172.18.80.237:443 id 112 ssl check inter 5000 weight 10 verify none
server websocketServer-36 172.18.80.236:443 id 120 ssl check inter 5000 weight 10 verify none

@JonathanLee Thats really great news, sorry was not following this since long (I switched from IT to Development). So to clean things up I will be closing PR and Redmine issue.

Best
Maharsh.

@viragomann
Yes, the host is reachable and the exchange server has the correct certificate.

If I use normal portforwarding without a HAProxy at ports 80+443 from pfsense to the exchange server everything works properly.

@viragomann
Thanks so much for your help. I finally got it working with WAN and LAN

Some sites you need to splice it is complex software to configure. Don't give up you got your splice list keep going...

@viragomann Got it working!
I wasn't able to reboot pfSense before because it's on production. Last night I scheduled a window and voilá... it works now.
Thanks!