This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Block YouTube--Allow Google.com

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Block YouTube--Allow Google.com

Go to solution
kuntzelectroplating
L2 Linker

‎11-22-2016 06:35 AM

We have 1 user who is abusing Youtube. I need to block this person from YouTube but still allow this person access to google.com

I tried a URL filtering policy but it also blocked access to google.com.

Is there a document or a video of how to perform this task?

 

I am running PAN OS 7.1

 

Thank you

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
Brandon_Wertz
L6 Presenter
In response to Brandon_Wertz

‎11-22-2016 08:22 AM

Policy.PNG

View solution in original post

0 Likes Likes
8 REPLIES 8

Go to solution
Brandon_Wertz
L6 Presenter

‎11-22-2016 07:03 AM

Why not just use application controls?

 

I'm gonna venture a guess that trying to accomplish this via URLs is going to be an untenable solution.

0 Likes Likes

Go to solution
BPry
Cyber Elite
Cyber Elite

‎11-22-2016 07:23 AM

How did you block it in the URL filtering? 

 

If you make a custom URL Filtering for this user and list *.youtube.com and youtube.com in the block-list and set the action to block then you should be perfectly fine by just listing the URLs and it shouldn't block Google. You would just need to make a special rule for your special user. 

 

Really though this is trully an issue for your HR department; sometimes companies try to solve HR issues with Tech and it never works out. 

0 Likes Likes

Go to solution
kuntzelectroplating
L2 Linker
In response to BPry

‎11-22-2016 07:52 AM

Thank you for your reply.

 

I first tried to use an application-id, but I was still able to access youtube.com.

Then I tried a URL filter with the domain names you suggested. It blocked youtube but also google.

Google and youtube are so closely tied together now, it is hard to separate them. It looks like (from the logs) that when you go to youtube you are redirected to googlevideo.com.

 

I couldn't agrre more about the HR issue.

 

Go to solution
Brandon_Wertz
L6 Presenter
In response to kuntzelectroplating

‎11-22-2016 08:12 AM - edited ‎11-22-2016 08:15 AM

@kuntzelectroplating

 

I tried just using the "container" YouTube and was able to access it as well.  Then I created a rule that used all the sub-applications and I was denied from viewing the actual videos.  This should suffice for your policy request.  

 

I'm running 5060s on 7.0.X with SSL Interception.

 

--EDIT--  

 

I just created a simple rule that targeted my user ID only to anything out on the Internet using the 4 "YouTube" applications.  On application default settings with a "Deny" action and achieved the result below.

 

Application version638-3696 (11/21/16)

Google_YouTube_Block.PNG

0 Likes Likes

Go to solution
kuntzelectroplating
L2 Linker
In response to Brandon_Wertz

‎11-22-2016 08:16 AM

Did you deploy a security rule using application-id's or URL filtering?

 

0 Likes Likes

Go to solution
Brandon_Wertz
L6 Presenter
In response to kuntzelectroplating

‎11-22-2016 08:18 AM

0 URL filtering controls.  (I've since deleted the rule from my environment so I can't show you.)

0 Likes Likes

Go to solution
Brandon_Wertz
L6 Presenter
In response to Brandon_Wertz

‎11-22-2016 08:22 AM

Policy.PNG

0 Likes Likes

Go to solution
kuntzelectroplating
L2 Linker
In response to Brandon_Wertz

‎11-22-2016 08:49 AM

Thanks...I will give that a try.

 

0 Likes Likes
  • 1 accepted solution
  • 4626 Views
  • 8 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks