At work, I have a client that was requesting the ability to monitor/block sites that their users were visiting. This is traditionally quite easy with just a Squid proxy server or a Barracuda Web Filter, but they really didn’t want an extra server to be installed during this process AND they were using a terminal server.
I started looking for server-side applications that I could install and just have the admin pull the data from there; however, the costs I was finding were a bit too much. I set up pfSense in a quick lab to demo this. After installing pfSense on some old hardware, I did a basic configuration of the box and then installed the Squid proxy package. I configured this to be a traditional proxy where I had to send traffic on a specific port, and the user was required to log in. That was really the trick to get the terminal server users broken apart. I know it could probably use a little massaging with NTLM authentication or some other clean mechanism, but for the lab and the purposes of this client, this hit the mark for a great price.
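The following is an added example, not part of the original post: a per-user report built from Squid's access log, showing why the login requirement separates terminal server users who all share one client IP. It assumes Squid's default native log format; the log lines, usernames and addresses are constructed sample data.

```python
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log format (assumed default):
# time elapsed client result/status bytes method URL user hierarchy/peer type
# Every request comes from the same terminal server IP.
SAMPLE_LOG = """\
1300000000.101 120 192.168.1.10 TCP_MISS/200 5120 GET http://example.com/ alice DIRECT/93.184.216.34 text/html
1300000001.202 0 192.168.1.10 TCP_DENIED/407 1800 GET http://example.org/ - NONE/- text/html
1300000002.303 95 192.168.1.10 TCP_MISS/200 2048 GET http://example.org/news bob DIRECT/93.184.216.34 text/html
1300000003.404 310 192.168.1.10 TCP_MISS/200 900 CONNECT mail.example.net:443 alice DIRECT/203.0.113.5 -
1300000004.505 2 192.168.1.10 TCP_DENIED/403 1500 GET http://blocked.example/ bob NONE/- text/html
truncated line
"""

def host_of(method, url):
    """Return the destination host; CONNECT lines log host:port, not a URL."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or url).lower()

def per_user_report(log_text):
    """Group requests by authenticated user rather than by client IP."""
    visits = defaultdict(Counter)   # user -> host -> allowed request count
    denied = defaultdict(Counter)   # user -> host -> policy-denied count
    skipped = 0
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 10:
            skipped += 1            # malformed or truncated entry
            continue
        result, method, url, user = fields[3], fields[5], fields[6], fields[7]
        status = result.partition("/")[2]
        if user == "-" or status == "407":
            continue                # auth challenge, no user to attribute yet
        host = host_of(method, url)
        if result.startswith("TCP_DENIED"):
            denied[user][host] += 1
        else:
            visits[user][host] += 1
    return visits, denied, skipped

if __name__ == "__main__":
    visits, denied, skipped = per_user_report(SAMPLE_LOG)
    for user in sorted(set(visits) | set(denied)):
        print(user, dict(visits[user]), "denied:", dict(denied[user]))
    print("skipped lines:", skipped)
```

Grouping on the client IP column instead would merge every terminal server session into a single entry, which is why the username field is the key here.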
I did mention that they did not want to install new hardware during this process, but they knew they needed to upgrade their Linksys “router” that was currently firewalling their network. I am once again impressed with the flexibility and ease of use that pfSense gives you. I truly only have 1 complaint about the system at all, but it has nothing to do with this and, as I understand it, that feature has been added in pfSense 2.0. The management of OpenVPN clients/certificates is somewhat of a nightmare for large installs unless you use a single certificate for all users (not recommended).