topic Re: You tube filtration issues in General Topics

You tube filtration issues

bwsaloum — Tue, 26 Jan 2016 14:56:45 GMT

I'm at a bit of a losst and am writing to see if anyone else has experienced anything like this:

I have a policy that allows unrestricted access to youtube.com via http/https. Accessing this rule is only allowed based on membership in an AD group. And in testing, it seems to work, when i add my user object to the policy itself. I don't access to AD to insert myself into various groups for testing.

So here's where it gets wierd.

I have some members in that group that are able to access it using https and not http, and for the life of me I can't figure out why.

Anybody have anything like this happen before?

Thansk,

bws

Re: You tube filtration issues

Raido_Rattameister — Tue, 26 Jan 2016 15:31:44 GMT

Do you decrypt traffic?

You can test if user is in specific group with command below:

show user user-ids match-user john

Can firewall identify that user is in the group you use in the policy?

If you go to traffic log is traffic correctly identified (or it is just ssl)?

For me youtube always redirects me to https version so how can you access it over http?

Re: You tube filtration issues

bwsaloum — Tue, 26 Jan 2016 17:12:04 GMT

Raido, first of all, thank you for the reply. My responses will be in blue.

Do you decrypt traffic? Yes, but not in this particular policy

You can test if user is in specific group with command below:

show user user-ids match-user john Executed like expected and sees all of the users in question being associated with that group. (I ran this command on a sample group of 10 users and the response was consistently the same)

Can firewall identify that user is in the group you use in the policy? Yes as there are other websites being processed by this policy and that all works properly.

If you go to traffic log is traffic correctly identified (or it is just ssl)? I see both 80 and 443 and other sites, seem to be processed properly.

I even went so far as to specify the user object in the policy, at the same level as the group, in the event that the firewalls weren't recognizing the group members. No joy. So I'm at a bit of a loss on this one.

For me youtube always redirects me to https version so how can you access it over http?

Re: You tube filtration issues

Raido_Rattameister — Tue, 26 Jan 2016 17:24:15 GMT

So expectation is to allow Youtube right?

And it is not working?

If you go to traffic log and filter based on used and search for sessions that were not permitted.

(user.src.eq 'domain\user' ) and (action neq allow)

Then you should see blocked sessions.

Click on mag glass.

What is session end reason?

What is application identified?

Against what rule this traffic matched?

By default only ended sessions show up in traffic log so you might want to check session table also or check "Log at Session Start" on policy during troubleshooting.

Re: You tube filtration issues

bwsaloum — Tue, 26 Jan 2016 19:26:09 GMT

First off THANK YOU! I believe I was getting caught up on a single tree in forest, so to speak... What was happening is elements of Youtube are being classified as google-base, and since that's not explicitly allowed, it's flagging the entire session. Now that I know the cause & effect, I can work it out.

Thanks again and cheers!

bws