Squid and SquidGuard on Pfsense for Large deployment
-
I post again my question in this group,
I would like to know if someone could give me some advice for a squid and squidguard tunning in a "large deployment".
I should point out that my Pfsense only has the role of proxy. So it only has the Squid and Squiguard packages installed.
The question I ask myself is: are Squid and Squidguard suitable for the large number of users in my network? I have seen posts saying that they are not recommended for a large number of users, especially Squidquard. Also, what tuning should I do for optimal stability and robustness, always according the number of users I have. I also have to make restrictions on Active Directory groups, which squidguard knows how to do well.Below the Specs of my pfsense
CPU: 4
RAM: 64 GB
DD: 250 GB
NIC: 2x10 GbEI have about 600 users behind the proxy.
Thanks to you
-
Hi, I have 150 proxy users in my network, running on old dual core E5200 & 3GB RAM. CPU usage is avg 5%, RAM 20%, so your HW should handle it.
But Squidquard is weak point, by default it set url_rewrite_children 16 startup=8 idle=4 inside Squid advanced options. It's not enough for my users (not enought "processes"), so had to modify it like url_rewrite_children 128 startup=64 idle=32. But ANY time I set something inside Squidquard and press Apply, then default is back and have to set it again... You will probably need to set higher values (not sure what is max) to handle 600 users.
BTW, I also use Squidquard with Microsoft AD, but this functionality will be gone soon, refer to this.
-
@CZvacko feature request created: https://redmine.pfsense.org/issues/10628
-
@viktor_g
Great!
-
in the latest SquidGuard version:
-
@viktor_g
Thanks, installed, function seems to be ok (but upgrading process was problematic this time).
