03-13-2018 09:01 AM
I want to block all streaming videos... can anyone tell me how to do that?
03-13-2018 10:00 AM
This is a pretty difficult request and likely isn't something that you can do full on without a little bit of compromise, but I'll at least get the conversation started. I'm going to assume that you've enabled SSL-Decryption going forward, as that is really the only effective way for something like this to work.
First you'll likely want to create a custom URL Category for streaming, and include any URL that you simply don't want people to access. An example would be like below.
<entry name="Streaming Test">
<list>
<member>amazon.com/Amazon-Video</member>
<member>directv.com/tv</member>
<member>directvnow.com</member>
<member>freeetv.com</member>
<member>hulu.com</member>
<member>megavideomovies.com</member>
<member>mlb.tv</member>
<member>naver.com</member>
<member>streaming.naver.com</member>
<member>nextmedia.com</member>
<member>*.directv.com</member>
<member>ontveg.com</member>
<member>pandora.tv</member>
<member>plex.com</member>
<member>plex.tv</member>
<member>popcorn-time.to</member>
<member>popcorntime-online.tv</member>
<member>popcorntime.sh</member>
<member>live.qq.com</member>
<member>qq.com</member>
<member>sling.com</member>
<member>twitch.tv</member>
<member>tv4play.se</member>
<member>my.xfinity.com</member>
<member>netflix.com</member>
<member>*.netflix.com</member>
<member>https://plex.tv</member>
<member>sling.tv</member>
<member>https://sling.com</member>
<member>go90.com</member>
<member>www.go90.com</member>
<member>*.sling.com</member>
<member>watch.sling.com</member>
<member>mlb.com/video</member>
<member>https://watch.sling.com</member>
</list>
<description>Streaming URL test</description>
</entry>Then you would want to create an Application Group that you are going to utilize to block streaming at an application level. Similar to below.
<entry name="Streaming Services">
<members>
<member>air-video</member>
<member>amazon-cloud-player</member>
<member>amazon-instant-video</member>
<member>amazon-unbox</member>
<member>directv</member>
<member>hulu</member>
<member>naver-streaming</member>
<member>netflix</member>
<member>netflix-base</member>
<member>netflix-streaming</member>
<member>ontv</member>
<member>pandora-tv</member>
<member>plex</member>
<member>popcorn-time</member>
<member>redbox-instant</member>
<member>sbs-netv</member>
<member>sling</member>
<member>twitch</member>
<member>tvb-video</member>
<member>tv4play</member>
<member>streambox</member>
<member>xfinity-tv</member>
<member>espn-go</member>
<member>mlb.tv</member>
<member>starz</member>
</members>
</entry>Then I personally build out a URL Filtering profile to be utilized in a Security Profile Group utilized throughout the security policies. This would simply match your standard URL Filtering profile, but the new custom URL Category that you created above would be set to 'Block'.
Then you simply build out the associated security policies to work with the above.
If you wanted to block all videos your application group would be much larger, or you would build it out as an application filter for category 'media' and subcateogry 'photo-video'. I'm not a big fan of this option as you'll likely have unintended application blocks. I generally find the above method work fairly well on its own, and if employees find another service or application to stream I simply add it to the list.
03-13-2018 10:02 AM
Hello,
There are several ways to acheive this however caution is advised since it can turn political. You can utilize URL filtering to block the category 'Streaming Media'.
Also you can use app-id to block it by setting up a custom filter or group:
https://applipedia.paloaltonetworks.com/
They can be used in conjunction, e.g. in the same policy.
Hope that helps!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
