How to block www.youtube.com completely

Reply
imran_sharin
L1 Bithead

How to block www.youtube.com completely

 

Dear All,

 

Appreciate if you can advise how to block www.youtube.com completely. I have try using URL-Filtering and application layer level but still failed. I am using PA-3020 OS version 7.0.3

 

 

Imran


Accepted Solutions
Raido
L7 Applicator

If you don't decrypt https then firewall uses data on the certificate.

It can't see what is inside encrypted payload.

If computers behind firewall are under your control (you can install additional root certificates) then it is an option. If it is kind of university environment where students come with their own laptops then you can't do ssl decryption.

 

More info here:

https://live.paloaltonetworks.com/t5/Management-Articles/SSL-decryption-resource-list/ta-p/70397

Enterprise Architect @ Cloud Carib www.cloudcarib.com
ACE, PCNSE, PCNSI

View solution in original post


All Replies
TranceforLife
L6 Presenter

Hi Imran,

 

Is it http or https traffic? Please confirm. SSL decryption might be required 

Roby_Sreejith
L4 Transporter

In ur filtering block list, try adding *.youtube.com

PCNSE-7, ACE-6,ACE 7 , CCNP, CCNA,CCIE(theory) , RHCE
Firewalldog dot com
Raido
L7 Applicator

Enable SSL decryption as some Youtube traffic can be identified as SSL.

Drop youtube application.

Add *.youtube.com and youtube.com to URL profile blacklist.

Block quic application as Chrome accesses Google services over quic that is UDP based.

 

And if this all fails then try to deny any traffic that firewall can't decrypt with ssl decryption profile.

Enterprise Architect @ Cloud Carib www.cloudcarib.com
ACE, PCNSE, PCNSI
imran_sharin
L1 Bithead

 

 

 I want to block, I want to block all http and https traffic... is there need to perform SSL description.. appreciate if you can teach me to do that.. :-)

Raido
L7 Applicator

If you don't decrypt https then firewall uses data on the certificate.

It can't see what is inside encrypted payload.

If computers behind firewall are under your control (you can install additional root certificates) then it is an option. If it is kind of university environment where students come with their own laptops then you can't do ssl decryption.

 

More info here:

https://live.paloaltonetworks.com/t5/Management-Articles/SSL-decryption-resource-list/ta-p/70397

Enterprise Architect @ Cloud Carib www.cloudcarib.com
ACE, PCNSE, PCNSI

View solution in original post

imran_sharin
L1 Bithead

Hi Raido,

 

Can you teach me how to do SSL decryption... sorry if my question is too novice for you..

imran_sharin
L1 Bithead

Hi Raido,

 

TQVM... much appreciate your help :-)

Raido
L7 Applicator

Check the link I gave you earlier and ask when you are stuck.

Enterprise Architect @ Cloud Carib www.cloudcarib.com
ACE, PCNSE, PCNSI
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!