@helpuser copy your keytab file as: /etc/krb5.keytab chown :proxy /etc/krb5.keytab chmod 0750 /etc/krb5.keytab squid.conf : auth_param negotiate program /libexec/squid/negotiate_wrapper_auth --ntlm /libexec/squid/ntlm_auth mydomain.ru --helper-protocol=squid-2.5-ntlmssp --kerberos /libexec/squid/negotiate_kerberos_auth -s GSS_C_NO_NAME Refer below link : https://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory

@mr-newbie By the way, I have installed squid, squid proxy and light squid. I also configured LDAP for my Active Directory users so the transparent proxy was not enabled. Thanks for your suggestion. :)

From my understanding memory cache amount is the minimum squid will use for cache plus you also have to allow for antivirus scan's, in transit object's, etc. For instance on my home network I use 1024mb and 256kb and when I check System Activity squid is using 2646mb. and Clam is using another 948mb.plus you have to provide memory for any other package's you install and the firewall itself.

@piba I might try creating a lua script in the future, i guess i start reading about the inner working of Remote Desktop Gateway or try a attempt to decompile some MS binaries :-) to get a idea what they are doing. Thanks for the help so far.

Yes I can confirm it works after applying that patch.

@PiBa Once I made that setting change and turned the HTTP monitoring back on it started working. Thanks!!

Update: PAP does work but it's insecure - is there any other options?

2.4.5 uses a newer copy of the ports tree where www/squid has changed to squid 4, but the package code is still only for squid 3. We fixed the dependency on the squid package to use www/squid3, but squidGuard is still looking for squid 4.x. We'll get that fixed shortly.

WOL magic packet is a broadcast packet. As far as I know there are no ways to broadcast to passthrough different IP-networks. And Pfsense has nothing to do with it. You can definitely use WOL from inside your local network. So, preliminarily, you need any VPN connection to any device/pc/server inside and send a WOL from it.

Have the same issue from the first time i'd tried to configure an SSL interseption (about half a year ago). I've made all possible with no result. Therefore was forced to use ipcad for logging and pass users just through firewall rules. The only idea I have is that this might have something connected with ISP. e.g. what if your ISP use SSL interception too? Then, I guess, "double interception" wouldn't work smoothly.

Are you sure it said NTLM there and not NT Domain? NTLM has been gone for so long I can't even find a record in git of when it was removed. NT Domain auth has been gone since 2016, it apparently never worked on 2.3 and later. So you must have been coming from an extremely outdated version.

Damn .. I didn't spot they were milliseconds .. though I was OK on frontend !! Thanks for the help .. dropped to default, and bingo!

@kennymaccormik Add it to the advanced text box..

@emammadov https://forum.netgate.com/topic/24436/custom-squidguard-error-pages-how-to/9 https://forum.netgate.com/topic/69306/custom-squidguard-error-how-to

Hi, It seems that issue was that we use only 1 NIC (as WAN) Since we've installed a second NIC and defined 1 NIC as WAN and the second as LAN, everything works well! Seb

Added a custom ACL and used this https://stackoverflow.com/questions/23342036/haproxy-restrict-single-backend-by-ip-range