Hi Volker and thanks for your guidance. I'm trying to avoid "MITM filtering" and Transparent-mode. I've read there are problems with MITM when clients access bank sites.
As you said, keep the proxy and firewall separated is a better choice. These service must be 100% controlled and sometimes this web interfaces hide processes. Thank again! José G. On Fri, May 12, 2017 at 3:05 AM, Volker Kuhlmann <hid...@paradise.net.nz> wrote: > On Tue 09 May 2017 23:14:37 NZST +1200, José Gregorio Díaz Unda wrote: > > > It looks like I should use PFS only as a firewall and DNS resolver, and > > setup independently DHCP and Squid. > > The DHCP server in pfsense is very good. With squid and squidguard I am > less than impressed. It is more secure to run a web proxy on a different > host than the firewall. If you want MITM filtering, pfsense is probably > the easiest to set up because theoretically it's only a few clicks. I > think there was a package for getting letsencrypt certs, if you trust > them, you don't then need to import certs into all your clients. > > > May be Squid/Squidguard in a "solo-mode" are less complex to setup to > > filter SSL. Or I should find a different alternative for > Proxy/SSLFiltering. > > The best choice depends on what you want. The pfsense squidguard > interface is not a time saver, some short strategic scripts in your own > setup will probably be way faster in the long run. > > Volker > > -- > Volker Kuhlmann is list0570 with the domain in header. > http://volker.top.geek.nz/ Please do not CC list postings to me. > _______________________________________________ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
