How to block www.youtube.com completely

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

How to block www.youtube.com completely

L1 Bithead

 

Dear All,

 

Appreciate if you can advise how to block www.youtube.com completely. I have try using URL-Filtering and application layer level but still failed. I am using PA-3020 OS version 7.0.3

 

 

Imran

1 accepted solution

Accepted Solutions

If you don't decrypt https then firewall uses data on the certificate.

It can't see what is inside encrypted payload.

If computers behind firewall are under your control (you can install additional root certificates) then it is an option. If it is kind of university environment where students come with their own laptops then you can't do ssl decryption.

 

More info here:

https://live.paloaltonetworks.com/t5/Management-Articles/SSL-decryption-resource-list/ta-p/70397

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

View solution in original post

8 REPLIES 8

L6 Presenter

Hi Imran,

 

Is it http or https traffic? Please confirm. SSL decryption might be required 

L4 Transporter

In ur filtering block list, try adding *.youtube.com

PCNSE-7, ACE-6,ACE 7 , CCNP, CCNA,CCIE(theory) , RHCE
Firewalldog dot com

Enable SSL decryption as some Youtube traffic can be identified as SSL.

Drop youtube application.

Add *.youtube.com and youtube.com to URL profile blacklist.

Block quic application as Chrome accesses Google services over quic that is UDP based.

 

And if this all fails then try to deny any traffic that firewall can't decrypt with ssl decryption profile.

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

 

 

 I want to block, I want to block all http and https traffic... is there need to perform SSL description.. appreciate if you can teach me to do that.. 🙂

If you don't decrypt https then firewall uses data on the certificate.

It can't see what is inside encrypted payload.

If computers behind firewall are under your control (you can install additional root certificates) then it is an option. If it is kind of university environment where students come with their own laptops then you can't do ssl decryption.

 

More info here:

https://live.paloaltonetworks.com/t5/Management-Articles/SSL-decryption-resource-list/ta-p/70397

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

Hi Raido,

 

Can you teach me how to do SSL decryption... sorry if my question is too novice for you..

L1 Bithead

Hi Raido,

 

TQVM... much appreciate your help 🙂

Check the link I gave you earlier and ask when you are stuck.

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011
  • 1 accepted solution
  • 4233 Views
  • 8 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!