12-17-2019 11:32 AM
We have a school system that is want to utilize Safari Montage to filter video that an administrator whitelisted. These whitelisted video adds a referrer (somesite.someschool.org) to the http request that will go to that specific video hosted at YouTube. With SSL Decrypt enable and quic being block, the firewall will inspect the outbound traffic for the referrer, pattern matching based on this referrer with http-req-params on both GET and POST, and identify the traffic as a custom application called Safari-Youtube.
The end goal is to have separate security policies for teacher and students based on User-ID. Teachers will be able to go to youtube-base and youtube-streaming, but students will only be able to go to video with the custom application Safari-Youtube. We have been able to created the custom application and applied it to only a test workstation. This first work without issue. However, as time went on testing with other videos, this started not to consistently work. According to the logs, the traffic is being decrypted, but the application is no longer being constantly identify as the custom app and is blocked by the firewall. Sometimes it flips between Safari-Youtube and youtube-base. Sometimes youtube-base only. We tried different iteration of troubleshooting, but still are not able to replicate the success when the custom application was first tested. There were not any changes done on the firewall or Safari Montage after the first successful test.
Requesting any insight to an issue similar to this one.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!