- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
06-24-2016 03:12 AM
Dear All,
Appreciate if you can advise how to block www.youtube.com completely. I have try using URL-Filtering and application layer level but still failed. I am using PA-3020 OS version 7.0.3
Imran
06-24-2016 03:45 AM
If you don't decrypt https then firewall uses data on the certificate.
It can't see what is inside encrypted payload.
If computers behind firewall are under your control (you can install additional root certificates) then it is an option. If it is kind of university environment where students come with their own laptops then you can't do ssl decryption.
More info here:
https://live.paloaltonetworks.com/t5/Management-Articles/SSL-decryption-resource-list/ta-p/70397
06-24-2016 03:19 AM - edited 06-24-2016 03:20 AM
Hi Imran,
Is it http or https traffic? Please confirm. SSL decryption might be required
06-24-2016 03:37 AM
In ur filtering block list, try adding *.youtube.com
06-24-2016 03:39 AM - edited 06-24-2016 03:42 AM
Enable SSL decryption as some Youtube traffic can be identified as SSL.
Drop youtube application.
Add *.youtube.com and youtube.com to URL profile blacklist.
Block quic application as Chrome accesses Google services over quic that is UDP based.
And if this all fails then try to deny any traffic that firewall can't decrypt with ssl decryption profile.
06-24-2016 03:40 AM
I want to block, I want to block all http and https traffic... is there need to perform SSL description.. appreciate if you can teach me to do that.. 🙂
06-24-2016 03:45 AM
If you don't decrypt https then firewall uses data on the certificate.
It can't see what is inside encrypted payload.
If computers behind firewall are under your control (you can install additional root certificates) then it is an option. If it is kind of university environment where students come with their own laptops then you can't do ssl decryption.
More info here:
https://live.paloaltonetworks.com/t5/Management-Articles/SSL-decryption-resource-list/ta-p/70397
06-24-2016 03:46 AM
Hi Raido,
Can you teach me how to do SSL decryption... sorry if my question is too novice for you..
06-24-2016 03:49 AM
Hi Raido,
TQVM... much appreciate your help 🙂
06-24-2016 03:54 AM - edited 06-24-2016 04:31 AM
Check the link I gave you earlier and ask when you are stuck.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!