Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PFsense transparent proxy speed issues

    Scheduled Pinned Locked Moved Cache/Proxy
    9 Posts 3 Posters 1.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      ppickup
      last edited by

      Hi all,

      We currently have a PFSense box at on of our sites, the site has about 700 devices that are not used concurrently but they do create quite a load on the box.

      We are having an issue with Transparent proxy, they have a 200mb lease line that when is fine when not using transparent proxy, when using transparent the speed drops to approx. 25. Has anyone else had an issue with transparent?

      The pfsense box is quad core i3 and has 8GB RAM, CPU doesnt seem to be an issue from monitoring it.

      Is there any tuning we can put in place that would improve the speeds as with the size of the site we cant afford that drop in speed.

      Thanks
      Paul

      1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        Are you saying its fine when you use explicit proxy? Are you using cache? Maybe its IO that is your problem and not cpu usage.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        1 Reply Last reply Reply Quote 0
        • P
          ppickup
          last edited by

          Hi, thanks for the reply

          Yes, explicit proxy works fine, it is only when transparent proxy is turned on and proxy details removed from clients that the issues starts

          We are not using cache as this was one of the things we read could cause this issue

          1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by johnpoz

            hmmm - You might get more help in the proxy section... I will move this thread there. Of the top no idea - but that works with explicit and no cache is good info..

            I will see if I can duplicate the problem when I get a chance.

            Why is you can not use explicit? Why can you not just hand out the proxy info via wpad?

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            1 Reply Last reply Reply Quote 0
            • P
              ppickup
              last edited by

              Strange isn't it

              We have some devices on site that cant have a proxy set and would therefore stop working, so we require transparent

              Thanks again

              1 Reply Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator
                last edited by

                What devices are those - just curious... Some crappy IOT thing?

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                1 Reply Last reply Reply Quote 0
                • P
                  ppickup
                  last edited by

                  Its actually iOS devices that i was told wouldnt support WPAD, having done a bit of looking it seems they should work with it, i think guest network may be a problem but at least we can try it

                  1 Reply Last reply Reply Quote 0
                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator
                    last edited by

                    Ios device like a iphone or ipad? They support proxy ;)

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 24.11 | Lab VMs 2.8, 24.11

                    1 Reply Last reply Reply Quote 0
                    • I
                      Impatient
                      last edited by

                      Is Squid the only package on the pfSense box?

                      Also I would check if the firewall rule that Squid adds in transparent mode is conflicting
                      with other firewall rule's.

                      With that amount of user's there is quite a lot of tuning that can be done.

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.