Netgate SG-2100 with SquidGuard Proxy Filter too slow
-
Hi there,
Thank you for reading my request.
I have a Netgate SG-2100 appliance with PfSense + in version 22.05-RELEASE on which I have set up an OpenVPN Site-to-Site client in Peer to Peer SSL/TLS mode.
Before uploading this material to my remote site, I wanted to add an https proxy with URL filtering for security.
So I installed Squid without problem then SquidGuard to manage the list of URLs.
Since the installation of SquidGuard, internet surfing is ultra slow or almost impossible.
I redid the installation several times with various tutorials on the net but the result is always the same.
Thank you for your precious help. -
What bandwidth is your WAN? What speed do you see through Squid/Squidguard?
How is that traffic routed? All over the VPN?
Do you see anything logged?
How is Squid configured? Proxying SSL traffic?
Steve
-
WAN is 1Gbits Fiber Router.
All the traffic is routed to internet except one network who is routed to VPN.
With use of Squid no problem with ssl proxying traffic except network VPN.
Just activate squidguard causes the defect.
My seller says the 2100 is not powerful enough to use squidguard so why leave the option in there ?
I search one person who activate squidguard on 2100 with success to change settings... -
The 2100 can run Squid/Squidguard but it is a big and resource hungry package. It will reduce the throughput.
If you just want to filter URLs it's usually better to use DNSBL in pfBlocker-NG.Steve
-
DNSBL is black list for spam. I prefer URL filter to block porn, religion, hack ... website. So i want to use Squidguard but they don't work with SG-2100. If you know a tutorial who works with SG-2100 i want please.
-
No DNSBL is a tool for filtering DNS results. It can filter anything that uses pfSense for DNS so that includes web browsing unless the browser deliberately bypasses it.
-
My DNS is my Windows Domain Controller accessible throught VPN so i don't use SG-2100 for dns request just web access on site.
Or can i use DNSBL to add DNS record of my domain ?
-
Then in order to use DNS-BL you would need to have the DC yse pfSense for it's DNS.
Or filter DNS in the DC with some other tool.
Steve
-
Thanks for your answer. Do you know a tutorial who work for SG-2100 with SquidGuard ? i can't use DNS Solution with my configuration.
-
The 2100 is no different to any other device when setting up Squid/Squidguard. Our own walk-through here would be fine.
Steve
