Thank you for the info,
To confirm - for the USG, it *does* support transparent mode?
I understand if it can't do much with https in this scenario, especially for content filtering. Honestly, this is somewhat less of a concern than general shaping / throttling.
I'd basically like to use basic "equal" (HFSC?) sharing of bandwidth, maybe adjust more later on.
For filtering, I'm using pfBlockerNG on pfSense, as well as OpenDNS.
client -> AD DNS servers -> pfSense -> OpenDNS.
I think I'd want a USG to do something similar, and/or just use FireHOL. Currently have FireHOL lists updated to it, and have it block based on those lists of IPs/ranges. Nothing very fancy. Also, the ability to "blackhole" some URLs, perhaps (such as Netflix). pfBlockerNG basically says: DNS = 10.10.10.0 or something non-existent, so that if you want to set an entry up that way, it goes nowhere.