Transparent Proxy for Single IP?
We use pfSense in our datacenter as well as at our branch offices (OpenVPN site-to-site) to build our WAN. All Internet access is sent through the site-to-site tunnel to our datacenter and then out to the Internet. I have a NAT mapping which sends all traffic out a dedicated public IP.
I am looking to replace our Sophos Cloud Proxy with something we control and I know Squid + Squidguard is a popular option. I'd like to avoid having to push proxy settings to every workstation, which means I'd need a transparent proxy configuration.
I don't want our datacenter equipment to go through the proxy so is it possible to only direct certain traffic to a transparent proxy? If not, any recommendations on how I can accomplish what I'm after?