I have setup squid on pfsense to use ntlm authentication with SSO for all Windows clients that authenticate through the active directory severs. The problem lies in the smartphone department. We don't touch any of the devices so can't get staff to manually add the proxy to the phones. This wouldn't work though because most apps don't like proxies and will refuse to connect.
I guess that leaves me with one option, have the wifi subnet on a transparent proxy, can I have both a transparent and 'full proxy' on the same pfsense box. I don't really see how it would work.
If not does anyone have any ideas for how I can get the proxy to auto onto the phones from pfsense. I can turn off authentication for that subnet if that makes easier (172.16.32.0/24) ?
P.S The proxy is for content filtering across the whole network