OpenSense on SG-2100
-
@jimp
This was suggested on Reddit and i think its a good idea if one has the resources.
Squid with the unresolved CVEs is probably best sitting behind a firewall . I dunno. Just a thought. -
@JonathanLee said in OpenSense on SG-2100:
I want the web cache support for Squid is what I am after. I am going to be stuck in 23.05.01 land until the end of time.
23.09 includes Squid per the blog post.
re: cache, SSD is recommended for the disk writes on eMMC...
https://www.netgate.com/supported-pfsense-plus-packages
https://docs.netgate.com/pfsense/en/latest/troubleshooting/disk-lifetime.html -
SSD
@JonathanLee I see from one of your other posts you have a Max so never mind this comment. I like to post it when it comes up since many don't know about the recommendation list (which would help if it was in the docs, or linked from the docs; AFAIK it isn't).
-
Indeed Squid is in 23.09. I agree though, running a separate internal proxy is probably a better option.
-
@stephenw10
To be fair, commercial solutions like Cisco Umbrella or Zorus do a really better job at this whole proxy thing.
I know there isnβt a home lab or SMB pricing that makes sense which is really the pain point here for mostly everyone.
Also Iβm not aware of any commercial proxy to be used internally. Is BlueCoat still a thing? -
@michmoor what is bluecoat? I have Squid 6.6 running great in 24 minor issue the status page changed to non squidclient based. But other than that it has a lot of the CVEs fixed I am told itβs the latest and greatest.
-
If you want to proxy and filter all the traffic from/to a small country you call Bluecoat.
-
@stephenw10
SWG are the future. Its been the future? Its here now :)https://www.cloudflare.com/learning/access-management/what-is-a-secure-web-gateway/
-
'SWG' seems like another acronym for what has been around for years. Maybe with a shinier front end glued onto it.
-
@stephenw10
lol oh for sure !