Can not get non-Transparent web proxy to work

Hi @jon.

I have it this way:

I have it in non-transparent mode and it works like a shot.

I hope that sooner rather than later, you find a solution. :+1:

Greetings.

@jon, there is one thing that I do not understand about your setting. Transparent mode works only for unencrypted traffic. What happens to the HTTPS traffic when you enable the transparent proxy: does it still go through the proxy, or does it go directly? Because if it is the latter, you not only activate the transparent proxy, but you also disable the firewall rule in post 9. Do I understand your setting correctly?

This is the direction I am slowly heading. But without a basic understanding of the proxy I am very reluctant to do FORWARD Blocked and OUTGOING Blocked.

Currently these are set to FORWARD Allowed and OUTGOING Allowed. And this may be the crux of the issue! With one rule hopefully blocking 80 & 443.

This is more advanced than my network. I just have one subnet for green and a separate subnet for blue. Green is a wired ethernet (no WiFi). Blue is mostly wireless (WiFi).

Thank you for posting!

I’ll double check. I assume you are talking about having the proxy settings enabled for the client, and the Firewall Rule blocking 80 & 443 enabled.

Most of the time (99.999%) the Transparent mode is disabled. I enable it for a few seconds just to try things as a quick test.

So with:

  1. transparent proxy enabled
  2. AND proxy settings enabled for the client
  3. AND Firewall Rule block 80 & 443 enabled

things still show up in the Proxy log viewer.

Does this sound right?


Not sure I understand this part…

Yes. To be clear, I was thinking of this normalization of the browsing speed you observe when you activate the transparent proxy. My hypothesis was that the speed of your browsing would go up to a normal value because you would only do transparent proxy, while the 443 encrypted web surfing would go direct.

If this hypothesis were correct, then the problem would have been restricted to the proxy function dealing with the encrypted communication.

As it is, what you said proved my hypothesis wrong. Then let’s formulate the alternative one.

If all the premises are correct, the logical conclusion is that the slow speed problem is related to the port 80 traffic and not the 443 traffic. If this assumption is correct, then disabling the proxy only on port 80 and allowing the clients to go direct on the unencrypted traffic only (in other words, removing the block on port 80 on your firewall) should get you to the same result you observe with transparent proxy: namely normal speed.

I would test this, because if it is true then you can restrict the problem considerably.

I hope I managed to convey my thought in a more clear way than last time.

Good luck.

I think this is what I see. There are only URLs with :443 as the port. There are no URLs with no port at the end (no http://test.com URLs) for port 80.

Anyway, I think I am going to start from scratch. I’ve made too many changes over the past month or so.

Another question - I am wondering if a requirement for non-Transparent (conventional) mode is to do FORWARD Blocked and OUTGOING Blocked?? If so, then this should be big & bold in the Wiki.