Pfsense 2.1.5 block windows update

firefox

i have a computer with pfsense 2.1.5 on it
and the packages

HAVP antivirus
snort
squidGuard
squid 
pfBlocker
Avahi

i just Formatted a computer
During updates after installation

I received an error message
I Googled it
And was told it was because proxy or blocking

I connected the computer to A simple home router
And everything worked correctly
all update worked

so i try to add aliases to microsoft update And let him pass freely without Go through any of the packages
But it is impossible
Because their numbers change

how do i do that ?

doktornotor

Stop proxying it.

firefox

how do i do that ?

KOM

By getting rid of squid.  The actual hit rate is so low (4-7%) that it's not really worth it to cache web data anymore.  These days squid is more valuable as the basis for URL filtering with squidguard.  If you don't want to remove squid, you can set his hard disk cache size to 0 or 1 and the hard disk file system to null.

doktornotor

http://wiki.squid-cache.org/SquidFaq/WindowsUpdate

JonathanLee

Filtering with squid transparent proxy is very relevant. Squid utilizes a built-in anti virus that frequently scans the content of the websites as they are cached. This proxy also acts also as a content accelerator for your most often downloaded content if the watermarks match. This is a mock DMZ for home use when the anti virus is being utilized. This speeds up use of many items like pictures and icons that never change on some websites. Windows update is the only issue that I cant not figure out. The update stalls out and aborts, however Hulu, Disney +, and Amazon Prime run better than ever before. When I am looking for a movie all the icon images are now not being reloaded when you browse up or down. All of this works flawless. Anti virus, Windows updates, and Xbox One are the only issue. This is night and day on a home network. The fine tuning takes some time. It still works with the containers as the are spun up and destroyed after use. It's the man in the middle with a anti virus scanner. There has to be an option for Windows 10. What network wants to push the same items down over and over and over for no reason? Not mine, use that free space now for better streaming, or other dynamic content. Leave the simple same items day after day sitting in that catch. I have 38 percent hits on some websites. That means its working perfectly. Yes it's not the 1990s with 56k modems but lets face it, how much better my network is running when this is functional demands respect. Thank you pfSense.

aGeekhere

@jonathanlee
Use WPAD and set your system to automatically detect proxy settings (web browsers and the system should use the WPAD not the transparent + MITM ).
Have transparent + MITM splice all to catch the rest of the traffic that cannot go through the WPAD.

There is also a unofficial WPAD package for pfsense that works really well.
https://forum.netgate.com/topic/100342/guide-to-filtering-web-content-http-and-https-with-pfsense-2-3/190

The main issue users have they install squid + squidguard and turn on transparent proxy and a MITM and sites break or servers like windows updates do not work.

Also caching steam and Epic games is quite useful these days.

So quick answer to fixed these issue
Manual configure proxy or setup a WPAD (some devices like android need to be manually configured)
turn on squid transparent proxy
Turn on MITM splice all

See how that goes.

chpalmer

6 year old post about 2.1.5??