@massao said in PROXY x PROXY TRANSPARENTE: I have yes DHCP but in mikrotik, and Active Directory in windows 2012 R2. The structure looks like this: 2 Internet link arriving in Mikrotik, and mikrotik connected pfsense and AD ok . Use your AD to host wpad file via IIS. Use DHCP to serve wpad files. all machine should be configured with "automatic detect settings" this can be done via AD too. Refer below link : https://findproxyforurl.com/deploying-wpad/

@genseb I have not used transparent proxy. may be it should create automatic NAT when you add port there in Safe_ACL. Pfsense is a Good firewall, but lot of issues in proxy.

Ok, I clicked enough around and found I needed to enable this interface. Now the enabled OPTx interfaces appear in the squid proxy interface list.

I didn't know that that exists. Thanks

I odn't think so. pfSense squid has no definition for snmp_port that I could find. Nothing in the GUI either, so it may not support SNMP at all.

@helpuser copy your keytab file as: /etc/krb5.keytab chown :proxy /etc/krb5.keytab chmod 0750 /etc/krb5.keytab squid.conf : auth_param negotiate program /libexec/squid/negotiate_wrapper_auth --ntlm /libexec/squid/ntlm_auth mydomain.ru --helper-protocol=squid-2.5-ntlmssp --kerberos /libexec/squid/negotiate_kerberos_auth -s GSS_C_NO_NAME Refer below link : https://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory

@mr-newbie By the way, I have installed squid, squid proxy and light squid. I also configured LDAP for my Active Directory users so the transparent proxy was not enabled. Thanks for your suggestion. :)

From my understanding memory cache amount is the minimum squid will use for cache plus you also have to allow for antivirus scan's, in transit object's, etc. For instance on my home network I use 1024mb and 256kb and when I check System Activity squid is using 2646mb. and Clam is using another 948mb.plus you have to provide memory for any other package's you install and the firewall itself.

@piba I might try creating a lua script in the future, i guess i start reading about the inner working of Remote Desktop Gateway or try a attempt to decompile some MS binaries :-) to get a idea what they are doing. Thanks for the help so far.

Yes I can confirm it works after applying that patch.

@PiBa Once I made that setting change and turned the HTTP monitoring back on it started working. Thanks!!

Update: PAP does work but it's insecure - is there any other options?

2.4.5 uses a newer copy of the ports tree where www/squid has changed to squid 4, but the package code is still only for squid 3. We fixed the dependency on the squid package to use www/squid3, but squidGuard is still looking for squid 4.x. We'll get that fixed shortly.

WOL magic packet is a broadcast packet. As far as I know there are no ways to broadcast to passthrough different IP-networks. And Pfsense has nothing to do with it. You can definitely use WOL from inside your local network. So, preliminarily, you need any VPN connection to any device/pc/server inside and send a WOL from it.

Have the same issue from the first time i'd tried to configure an SSL interseption (about half a year ago). I've made all possible with no result. Therefore was forced to use ipcad for logging and pass users just through firewall rules. The only idea I have is that this might have something connected with ISP. e.g. what if your ISP use SSL interception too? Then, I guess, "double interception" wouldn't work smoothly.

Are you sure it said NTLM there and not NT Domain? NTLM has been gone for so long I can't even find a record in git of when it was removed. NT Domain auth has been gone since 2016, it apparently never worked on 2.3 and later. So you must have been coming from an extremely outdated version.