Well, I hope this is the place...
-
... to drop an idea going back 20 years.
I had the pleasure of using an M$ product back in the day - an ISA Server 2003(?) ...
Enough beating around the bush. That firewall had client software that installed allowed the firewall to intercept https traffic, analyze and relay encrypted both ways.
I want snort to analyze my http traffic again. Not VPN or other secured traffic but just http since so much traffic is that protocol and to me it represents the greatest weakness.
As I recall a client would https out, then ISA would use its assigned certificate to represent the client outbound and inbound would re-encrypt to the client. Some clients could be forced to traffic through this "man in the middle attack" while others could be allowed to bypass the process.
The other thing that ISA was great at was scrolling live packets both allowed and blocked seemingly real time. Like netmon/wireshark do (sans the FW processing). I really used that function of watching traffic like that. There was a very sophisticated filtering function so that live you could analyze traffic.
Pfsense on login, when the firewall log is on the dashboard takes a very long time, so I had to remove that widget. Woes me. ;0)
-
There's a bug for the firewall log widget being slow: https://redmine.pfsense.org/issues/12673
It's fixed in 24.03. The patch likely applies to 2.7.2.
