I came across this Video on You Tube that has to do with transparent Proxies using Pfsense called How To Configure A Transparent Proxy Using PFSense by VMNerd. My question is why would you setup a transparent Proxy and what is it used for. The Video wasn’t very clear to me, it seemed the reason VMNerd setup the transparent proxy was to cache common visited HTTP web sites to make them load faster. The problem with this is if I understand how web sites work now with most non phishing web sites switching to HTTPS caching them is really pointless. Am I missing some sort of increased security by putting computer that use the internet behind a proxy sever. Is that the reason VMNerd did what he did.
Save bandwidth on Steam Downloads and Windows updates
Lets say you have 5 Windows PCs and a library of 200 games. You only need to prefetch them once and distribute via your LAN much faster. Need to wipe or set up a new system? updates and games get installed as fast as physically possible. Best of all, it won't congest outgoing traffic from other systems.
There are other uses but this is probably the most common consumer use-case.
What would be all of the other uses especially Enterprise uses?
gating network traffic and preventing client-side congestion using the same methodology.
also port security, so rouge nodes cannot do naughty things like interfere with the DHCP pool or poison the ARP cache.
If you run a large commercial network where you don't know who will be on it, or is susceptible to intrusion, then these features are a must.
that too
As someone who actually has a proxy, what I use it for is to terminate TLS connections and then fan out the incoming connection to various internal servers based upon source port.
This is called a “reverse proxy.” IDK how or if that’s different than a transparent one.
Without that proxy, each server would need it’s own TLS termination and that means having certificates on every server and having to configure and manage all of that, instead of just doing it once with a proxy.
I believe that a reverse proxy is an inbound connection, whereas a transparent proxy is outbound…
Forget about it. I used to do this and it accomplished nothing. Also, the push for HTTPS everywhere is totally going to make any benefit impossible.
It sounds like a great idea, and it is, but in practice, it’s of no use. Disappointing, I know - I found out first hand.
Also, if you don’t believe me, one of our more esteemed members, @Dexter_Kane has said the same thing in other threads.
Yeah pretty much, as a cache in a home network it’s just not worth the trouble. If you use it for Web filtering then it’s not perfect because you can’t do https but it’s half way functional if the people using your network aren’t the most technical savvy.
The advantage of a transparent proxy is that it works without any client side configuration, but given that list things use https these days you need to be looking at other solutions.
I tried to do caching on my PfSense router once and found it actually increased latency for many websites that frequently update as the server had to constantly refresh the cache, thus defeating the point. Also increased use of https also prevented its function.
Just wasn’t worth it for me and got fed up and turned it off.
That’s why people use it for large downloads that don’t change.