OPNsense includes a caching proxy supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. It has extensive access controls and support category based web filtering.

Multi Interface

The proxy can listen to multiple interfaces.

Category Based Web Filter

OPNsense has build-in category based web filter support. Main features include:
  • Fetch from a remote URL
  • Supports flat file list and category based compressed lists
  • Automatically convert category based blacklists to squid ACL’s
  • Keep up to date with the build-in scheduler
  • Compatible with most popular blacklist


The proxy can be configured as transparent proxy.
  • LDAP (incl. Microsoft Active Directory)
  • Radius
  • Local user manager
  • No authentication

Access Control

Fine grained access control, includes:
  • Subnets
  • Ports
  • MIME types
  • Banned IP’s
  • Whitelists
  • Blacklists
  • Browser/User Agents
  • Support for blacklists

Traffic Management

The proxy can be combined with the traffic shaper and take full advantage of its shaping features. Additionally it includes its own options:
  • Maximum download size
  • Maximum upload size
  • Overall bandwidth throttling
  • Per host bandwidth throttling

FTP proxy

Integrated FTP proxy that makes use of the same Access Control Lists.