Simple fix. [image: 1547077822237-lightsquid-resized.jpg]

What?

Bypass is not destination in your case. It is source as it is internal IP and outgoing traffic, if you change that i guess it will work for you.

Hi @surinameclubcard thanks for taking the time to answer! I will definitely try that second example then. FWIW, I am currently using the first example i.e. NAT then HAProxy, and can confirm that does work.

Replying to myself: I just did a clean install of pfSense 2.4.4p1 and tried above with the haproxy-devel package: Create a frontend, name it "test", save, Open "test", add an ACL, notice there is no "Traffic is ssl (no value needed):" option, Just to continue, name the ACL "https", expression="Host starts with:", value="https", save, Open "test" once again, edit the ACL, notice now there is the "Traffic is ssl (no value needed):" option, Change the expression to "Traffic is ssl (no value needed):", remove the value, save, same error. Or the ACL was completely removed. Either something is broken or I am completely not understanding this user interface?

Anyone challenged with clamav and icap errors? I've increased the parameters recommended here. It seems to resolve the issue I'm currently seeing, but I now have each parameter at 3x their original default. I just hit another icap error and am getting ready to go to 4x, but I can't help but think clamav isn't worth running.

Thanks for the info. Astounding is what this is. :-)

@massao said in PROXY x PROXY TRANSPARENTE: I have yes DHCP but in mikrotik, and Active Directory in windows 2012 R2. The structure looks like this: 2 Internet link arriving in Mikrotik, and mikrotik connected pfsense and AD ok . Use your AD to host wpad file via IIS. Use DHCP to serve wpad files. all machine should be configured with "automatic detect settings" this can be done via AD too. Refer below link : https://findproxyforurl.com/deploying-wpad/

@genseb I have not used transparent proxy. may be it should create automatic NAT when you add port there in Safe_ACL. Pfsense is a Good firewall, but lot of issues in proxy.

Ok, I clicked enough around and found I needed to enable this interface. Now the enabled OPTx interfaces appear in the squid proxy interface list.

I didn't know that that exists. Thanks

I odn't think so. pfSense squid has no definition for snmp_port that I could find. Nothing in the GUI either, so it may not support SNMP at all.