[SOLVED] pfSense / Squid vs Untangle - SSL inspection



  • Hi All,

    I've just made the jump from Untangle to pfSense, and I have a question with regards to SSL inspection for the URL filter:

    Untangle somehow manages to pull off filtering SSL sites without deploying a cert on all endpoints (e.g. legitimate banking sites using SSL are not blocked, but blacklisted sites using SSL are).

    The configuration on the Untangle was a no-brainer - however I do understand that some work would be required to implement it effectively in pfSense. Has anyone managed to implement this successfully and how?

    Thanks in advance for your help!

    Nadmax.



  • I've implemented this quite easily using E2 Guardian; you can do the same by using Squid in the Splice all mode. From a filtering perspective, MITM is more desirable as it can allow filtering engines to see the entire URL link rather than just the domain name. Furthermore, E2 Guardian, for example, has the added benefit of actually scanning the content and phrases within the page to determine if it should be let through or not.

    I've personally got a mixture of both using E2 Guardian: on the LAN network, which I have full control over, I have full MITM, and on the Guest network I use the Splice all approach.

    So to sum it all up, you've got two options. You may either use Squid or E2 Guardian. I've personally used both and found E2 Guardian to be a lot more modern and give fewer issues, even if it does require you to add an extra repository.



  • Super! Thank you for this - I'll give it a shot this weekend.

    Do you still use Squid for the web cache? It's a feature I would like to keep on using, in other words - can I have a hybrid setup with Squid for caching and E2 Guardian for URL filtering?

    [edit] I've found the answer to the question while scouring the forums. E2Guardian has a dependency on Squid (or any other proxy solution).

    Thanks again!



  • @nadmax said in pfSense / Squid vs Untangle - SSL inspection:

    Super! Thank you for this - I'll give it a shot this weekend.

    Do you still use Squid for the web cache? It's a feature I would like to keep on using, in other words - can I have a hybrid setup with Squid for caching and E2 Guardian for URL filtering?

    [edit] I've found the answer to the question while scouring the forums. E2Guardian has a dependency on Squid (or any other proxy solution).

    Thanks again!

    E2 Guardian as of v5 actually doesn't need to rely on an upstream proxy. I had the same idea as you initially, using Squid for caching, but I found out quite quickly that Squid 3 slows down traffic rather than actually speeding it up. Furthermore, the caching benefits these days have become quite limited as the web is more dynamic. I may reconsider using Squid when the newer version comes out and doesn't have the same performance regressions.



  • I installed E2 Guardian last night - I must say it is a very complete package so there is a bit of a learning curve involved. Way more advanced than the Squid equivalent.

    Nevertheless, I achieved the results I wanted in about 30 minutes - it works exactly as per my expectations. I still have a lot of tuning to do but I have no doubt that I've found what I was looking for.

    Thanks!



  • @nadmax said in [SOLVED] pfSense / Squid vs Untangle - SSL inspection:

    I installed E2 Guardian last night - I must say it is a very complete package so there is a bit of a learning curve involved. Way more advanced than the Squid equivalent.

    Nevertheless, I achieved the results I wanted in about 30 minutes - it works exactly as per my expectations. I still have a lot of tuning to do but I have no doubt that I've found what I was looking for.

    Thanks!

    No problem at all! Glad I could help! :)

    If you have any questions, feel free to shoot them through into the E2 Guardian thread and we'll be more than happy to assist!


 
