Posts made by IT-ADMIN

ok, my network map is the following, if someone can guess with me why this problem happen only sometimes,

thank you so much fir any clarification ...

ok, i will make a simple network map to make thing more clear

thank you very much

can this have any explanation ?????

what about this temporarily nature of this problem, anyone can guess with me how this occur only sometimes ????!!!!!

but if use only host file, sure there will be some users who will manage to access those blocked website, i think it is not a reliable solution, isn't it???

and this what lower my self confidence sometimes when i cannot find a cause for an IT problem, or a solution for it, since i don't have strong IT experience this take it toll on me

i think it is time to try sophos UTM, because really this temporarily nature of this problem broke my trust toward pfSense, and what annoy me more i cannot find any explanation for this problem,
because the problem itself is not annoying but when you can't figure out the cause of the problem, that time you hate yourself. hhhh

yes, but the proxy server can block also https if and only if the browser is aware of the proxy server, and if the browser not using any proxy server the https traffic will pass through the proxy but the proxy will be unable to do anything with it,

@Nara right, i'm looking only for blocking some website like facebook and youtube for some users and allow them to some other users too, i'm not interested in caching, i want just to block or allow some website, but i didn't find any package to hundle this except the package called proxy server

sorry, what do you mean by the last post : "No. Normally HTTPS is just ignored" , can you explain please

do you agree with me that : this problem happen because https traffic cannot be established if any proxy server in the middle unless you inform the browser that he should use a proxy otherwise he think that the proxy behave as man in the middle ??

but what i can't never understand is that happen sometimes, i cannot guess any cause for this madness,

do you thing that it is better to install squid guard ??

but gmail is automatically https, so the users don't select any protocol, they just want to access gmail, after that automatically they use https, and because they don't have "use a proxy server for your LAN" checked in their browser, they can't access it, (temporarily !!!!!!??? ) and this what drive me crazy, then i checked that box for them to allow them accessing gmail, after that they call me : "we cannot access facebook", then i unchecked that box to allow them accessing restricted website, (lol) working like that till i find a solution for this weird problem, but this shouldn't take a long time, i have to solve this problem as quick as possible

this temporarily nature that makes me crazyyyyy

i already checked the option transparent proxy and select IPs that have to bypass transparent proxy, but didn't make any difference, in addition to that, only traffic that have destination port equal 80 who will pass through the transparent proxy because https for example bypass the transparent proxy because it is considered as man in the middle,
i think that SSL who make this problem regarding gmail because basically it use https, and when unrestricted users try to access gmail they cannot because their browsers are not configured to use the proxy server, so https consider it to be kind of man in the middle, but what i can't understand at all is why thus issue happen only sometimes not always??????????????

i don't use squid, i'm only using proxy server, because in pfsense 2 proxy packages are available, proxy server and squid guard, in my situation i install only proxy server, for this reason it is a little bit limited,
i don't want to install squid guard (no need having 2 different packages doing the same thing )

@scottalanmiller

unfortunatly No, there is an option called transparent proxy, in this case you select this option : Bypass proxy for these source IPs : .......
but since i don't select the option of transparent proxy, i don't have to select any IP (this option is available only if you check transparent proxy), but when you don't check transparent proxy, only those users who have proxy setting in their browser who will pass through the access list control

@scottalanmiller hi Mr Scott
if i let all users pass through the proxy they will have Access list control applied on them, but me i want some users have full internet access
in reality they all pass through the proxy because he is the internet gateway also, but only those who have their browser set to use the proxy who will get restricted, the other users (unrestricted users) pass through the proxy but since their browser don't use any proxy, they will bypass proxy server

hi all

i have local network protected by pfSense proxy server, i have some users going through the proxy (i change their browser proxy setting : i checked the box "use a proxy server for your LAN" then i enter the ip address of my pfSense ) in order to restrict the access of some website, in the same time i have other user that bypass the proxy server so that they have open internet (by not checking that box in their browser),

the problem is that : those users who bypass the proxy server cannot open gmail in their browser, but as soon as i check that box i can access gmail, i uncheck the box i cannot access gmail, ant the most strange and weird thing is that : this happen only sometimes not always

really any help will be very appreciated, thank you very much

C:\fakepath\before lunching openvpn.txt C:\fakepath\after lunching openvpn.txt

i'm very sorry for this delay,
you will find my route table before and after lunching OpenVpn

thank you very much