    Transparent AV?

    • C
      caustic386 last edited by

      I'm interested in following the tutorial at http://www.smallnetbuilder.com/security/security-howto/31433-build-your-own-utm-with-pfsense-part-1 , minus the Antispam & CFS, and as I install the packages I notice there's constantly a reference to configuring proxy settings on the client browser.

      I'm new at this, from ISA/Forefront and Sonicwall, where client browser proxy settings were not required (and didn't seem to make a difference when you did turn them on).  What is gained or lost by not configuring web proxy on our clients?

      • C
        Craigusoz last edited by

        Normally what you do is to use squid in transparent proxy mode, with HAVP as the parent of squid. No client proxy setup is required.

        However, HAVP is currently broken (for me and some others, at least): http://forum.pfsense.org/index.php/topic,47576.0.html

        If you use Dansguardian instead, you will probably want to look at auto proxy configuration.

        I've personally abandoned virus scanning at the firewall, because I'm just not convinced that ClamAV works well enough. Individual Win clients run Avast.

        I do use squidguard for filtering, with pfBlocker to block Tor et al, and that works well.

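The auto proxy configuration mentioned in the reply above, sketched as a minimal PAC file. This is an added example, not part of the original posts and not pfSense or Dansguardian code; the proxy address 192.168.1.1:8080 and the `.lan` suffix are assumed values.

```javascript
// Added example: proxy auto-config (PAC) file that sends web traffic
// to a filtering proxy. Both values below are assumptions for illustration.
var FILTER_PROXY = "PROXY 192.168.1.1:8080"; // assumed: filter on the firewall's LAN address
var INTERNAL_SUFFIX = ".lan";                // assumed: internal DNS suffix

// True for IPv4 literals in loopback or RFC 1918 private space.
function isPrivateIPv4(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  var a = Number(m[1]), b = Number(m[2]), c = Number(m[3]), d = Number(m[4]);
  if (a > 255 || b > 255 || c > 255 || d > 255) return false;
  return a === 10 || a === 127 ||
         (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168);
}

// True when host ends with the given suffix.
function hasSuffix(host, suffix) {
  return host.length >= suffix.length &&
         host.slice(-suffix.length) === suffix;
}

// The browser calls this for every request; the return value picks the route.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Internal destinations stay on the LAN and skip the proxy.
  if (host.indexOf(".") === -1 ||
      hasSuffix(host, INTERNAL_SUFFIX) ||
      isPrivateIPv4(host)) {
    return "DIRECT";
  }
  // Everything else, HTTPS included, goes to the filter. HTTPS arrives
  // there as a CONNECT request, so the filter still sees the host name.
  // There is deliberately no "; DIRECT" fallback: if the proxy is down,
  // browsing fails closed instead of silently bypassing the filter.
  return FILTER_PROXY;
}
```

A PAC file is a client-side setting, so it only enforces filtering when the firewall also blocks direct outbound web traffic from client machines.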
        • C
          caustic386 last edited by

          Thanks for the tips!  I tend to agree that firewall-based AV isn't really that useful, especially with so many sites using HTTPS these days.

          I have no experience with clamAV, but our client-side ESET performs quite well, so maybe I'll leave well enough alone rather than get into Squid, etc.  (something else I have no experience with)

          Thanks for the tip regarding pfBlocker, we currently use DynDNS for content filter at only $10/year, but it's DNS-based so easy to bypass for intermediate users.  This might be the answer I was looking for, though!
