PFsense transparent proxy speed issues



  • Hi all,

    We currently have a PFSense box at on of our sites, the site has about 700 devices that are not used concurrently but they do create quite a load on the box.

    We are having an issue with Transparent proxy, they have a 200mb lease line that when is fine when not using transparent proxy, when using transparent the speed drops to approx. 25. Has anyone else had an issue with transparent?

    The pfsense box is quad core i3 and has 8GB RAM, CPU doesnt seem to be an issue from monitoring it.

    Is there any tuning we can put in place that would improve the speeds as with the size of the site we cant afford that drop in speed.

    Thanks
    Paul


  • Rebel Alliance Global Moderator

    Are you saying its fine when you use explicit proxy? Are you using cache? Maybe its IO that is your problem and not cpu usage.



  • Hi, thanks for the reply

    Yes, explicit proxy works fine, it is only when transparent proxy is turned on and proxy details removed from clients that the issues starts

    We are not using cache as this was one of the things we read could cause this issue


  • Rebel Alliance Global Moderator

    hmmm - You might get more help in the proxy section... I will move this thread there. Of the top no idea - but that works with explicit and no cache is good info..

    I will see if I can duplicate the problem when I get a chance.

    Why is you can not use explicit? Why can you not just hand out the proxy info via wpad?



  • Strange isn't it

    We have some devices on site that cant have a proxy set and would therefore stop working, so we require transparent

    Thanks again


  • Rebel Alliance Global Moderator

    What devices are those - just curious... Some crappy IOT thing?



  • Its actually iOS devices that i was told wouldnt support WPAD, having done a bit of looking it seems they should work with it, i think guest network may be a problem but at least we can try it


  • Rebel Alliance Global Moderator

    Ios device like a iphone or ipad? They support proxy ;)



  • Is Squid the only package on the pfSense box?

    Also I would check if the firewall rule that Squid adds in transparent mode is conflicting
    with other firewall rule's.

    With that amount of user's there is quite a lot of tuning that can be done.