@PiBa Once I made that setting change and turned the HTTP monitoring back on it started working. Thanks!!

Update: PAP does work but it's insecure - is there any other options?

2.4.5 uses a newer copy of the ports tree where www/squid has changed to squid 4, but the package code is still only for squid 3. We fixed the dependency on the squid package to use www/squid3, but squidGuard is still looking for squid 4.x. We'll get that fixed shortly.

WOL magic packet is a broadcast packet. As far as I know there are no ways to broadcast to passthrough different IP-networks. And Pfsense has nothing to do with it. You can definitely use WOL from inside your local network. So, preliminarily, you need any VPN connection to any device/pc/server inside and send a WOL from it.

Have the same issue from the first time i'd tried to configure an SSL interseption (about half a year ago). I've made all possible with no result. Therefore was forced to use ipcad for logging and pass users just through firewall rules. The only idea I have is that this might have something connected with ISP. e.g. what if your ISP use SSL interception too? Then, I guess, "double interception" wouldn't work smoothly.

Are you sure it said NTLM there and not NT Domain? NTLM has been gone for so long I can't even find a record in git of when it was removed. NT Domain auth has been gone since 2016, it apparently never worked on 2.3 and later. So you must have been coming from an extremely outdated version.

Damn .. I didn't spot they were milliseconds .. though I was OK on frontend !! Thanks for the help .. dropped to default, and bingo!

@kennymaccormik Add it to the advanced text box..

@emammadov https://forum.netgate.com/topic/24436/custom-squidguard-error-pages-how-to/9 https://forum.netgate.com/topic/69306/custom-squidguard-error-how-to

Hi, It seems that issue was that we use only 1 NIC (as WAN) Since we've installed a second NIC and defined 1 NIC as WAN and the second as LAN, everything works well! Seb

Added a custom ACL and used this https://stackoverflow.com/questions/23342036/haproxy-restrict-single-backend-by-ip-range

I moved the galaxy backend to the ssl offload fronted.

@lorelore75 You can install it while running, though it might cause a interruption regarding the handling of requests, and do check the new version is running after installing. Haproxy-devel replaces haproxy, and uses the same configuration settings so 'upgrade' should be pretty much seamless. Going back to 'haproxy' package should also be possible but sometimes 'upgraded' settings don't take effect in the older version.. So careful a quick comparison of the expected haproxy.cfg is wise to do :), but i guess thats also true when performing upgrades :)