Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Netgate SG-2100 with SquidGuard Proxy Filter too slow

    Scheduled Pinned Locked Moved Official Netgate® Hardware
    10 Posts 2 Posters 954 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      Grisvald
      last edited by

      Hi there,
      Thank you for reading my request.
      I have a Netgate SG-2100 appliance with PfSense + in version 22.05-RELEASE on which I have set up an OpenVPN Site-to-Site client in Peer to Peer SSL/TLS mode.
      Before uploading this material to my remote site, I wanted to add an https proxy with URL filtering for security.
      So I installed Squid without problem then SquidGuard to manage the list of URLs.
      Since the installation of SquidGuard, internet surfing is ultra slow or almost impossible.
      I redid the installation several times with various tutorials on the net but the result is always the same.
      Thank you for your precious help.

      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by stephenw10

        What bandwidth is your WAN? What speed do you see through Squid/Squidguard?

        How is that traffic routed? All over the VPN?

        Do you see anything logged?

        How is Squid configured? Proxying SSL traffic?

        Steve

        1 Reply Last reply Reply Quote 0
        • G
          Grisvald
          last edited by Grisvald

          WAN is 1Gbits Fiber Router.
          All the traffic is routed to internet except one network who is routed to VPN.
          With use of Squid no problem with ssl proxying traffic except network VPN.
          Just activate squidguard causes the defect.
          My seller says the 2100 is not powerful enough to use squidguard so why leave the option in there ?
          I search one person who activate squidguard on 2100 with success to change settings...

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            The 2100 can run Squid/Squidguard but it is a big and resource hungry package. It will reduce the throughput.
            If you just want to filter URLs it's usually better to use DNSBL in pfBlocker-NG.

            Steve

            1 Reply Last reply Reply Quote 0
            • G
              Grisvald
              last edited by

              DNSBL is black list for spam. I prefer URL filter to block porn, religion, hack ... website. So i want to use Squidguard but they don't work with SG-2100. If you know a tutorial who works with SG-2100 i want please.

              1 Reply Last reply Reply Quote 0
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by

                No DNSBL is a tool for filtering DNS results. It can filter anything that uses pfSense for DNS so that includes web browsing unless the browser deliberately bypasses it.

                1 Reply Last reply Reply Quote 0
                • G
                  Grisvald
                  last edited by Grisvald

                  My DNS is my Windows Domain Controller accessible throught VPN so i don't use SG-2100 for dns request just web access on site.

                  Or can i use DNSBL to add DNS record of my domain ?

                  1 Reply Last reply Reply Quote 0
                  • stephenw10S
                    stephenw10 Netgate Administrator
                    last edited by

                    Then in order to use DNS-BL you would need to have the DC yse pfSense for it's DNS.

                    Or filter DNS in the DC with some other tool.

                    Steve

                    1 Reply Last reply Reply Quote 0
                    • G
                      Grisvald
                      last edited by

                      Thanks for your answer. Do you know a tutorial who work for SG-2100 with SquidGuard ? i can't use DNS Solution with my configuration.

                      1 Reply Last reply Reply Quote 0
                      • stephenw10S
                        stephenw10 Netgate Administrator
                        last edited by

                        The 2100 is no different to any other device when setting up Squid/Squidguard. Our own walk-through here would be fine.

                        Steve

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.