Hi all

We're a long time user of RouterOS on various devices. Everything from ~300 RB941, ~100 RB3011, ~10 CCR-1009 and ~20 CHR on HyperV throughout our core. Absolutely love the devices and we make them do just about everything we could dream up, utilising many of the protocols at various points throughout our controlled devices.

Our latest challenge is to implement a transparent proxy to filter both http and https requests. We have explicit filtering fully operational and handle this across about 20 sites, including content inspection of https requests through installation of SSL certificates.

We've also done some testing of pac files distributed from DHCP and DNS options with success. This works fine for browsers on computers, generally. However most tablets and phones refuse to support such functionality. Which now leads us to use transparent proxying.

For the interest of simplicity, lets assume that we've installed the proxy's certificate into the client devices and that explicit proxying works fine.

WCCPv2 would allow us to essentially hand off the request at the border of the LAN to another device which would in turn perform the cache and inspection process. My aim is to essentially replicate that functionality with a number of mangle rules and custom routing adjustments.

Has anyone successfully achieved something like this, and if so would you kindly share your experiences?

Thanks