Requirement:- I want to allow only some educational videos (educational videos belong from training and tools URL category) for my environment.
Below i have tried:-
Could you please suggest is there any other way to achive my requirement.
Yes, I can understand your query now.
It is simple, and let me explain.
In previous versions, the Override was used an "Allow" or "Block", that was processed before the built in categories.
in 9.1.3, the functionality is the same. Look for creating two (2) Custom URL categories.
One will be (blocking) *.youtube.com
The other one will be for those site you want to allow:
Be sure to look at the two attached pics on this thread/response.
It means i need to create a policy like this:-
source one- inside
source address- any
destination zone - outside
destination address - any
application - any
service - any
action - allow
in security profile - need to create a URL filtering that is mention by you and all other URL category should be block. is this correct.?
Yes, that could work fine.
Totally different comment here:
Question though... WHY such an open rule? Can you lock it down?
Can you make 2 security policies, to accomplish the same thing.
Traffic from SZone to DestZone (IP of tube), using youtube application on APPOVED_Youtube_URL, on application default?
Next rule.. deny ALL traffic to youtube?
The same i tried but not working.
custom URL cateogory:-
In URL filtering:- URL filtering name - (learning website video)
allowed (Approved_youtube) custom URL category and block (Block_youtube) custom URL category.
S user- ANY
destination Address - Any
service/URL category- ANY
Action - Allow
profile setting - Apply only URL filtering profile learning website video.
but the issue still same. any other way , i can achive this ?
Can you provide snippets of logs, screen captures, etc.
Just saying it is not working.. is not enough.
What happens when you try to connect? Error messages.
Your next steps is to take wireshark/packet captures to help you visualize what is happening on the wire, and you can configure your policies better.
TAC should be able to assist you as well.
I took the packet capture and below are my findings:-
1 - I can see in packet capture most of the packet 'ignore unknown record' when i check it is causing of L4 checksum. do i need to disable the L4 checksum?
2 - As well as i run the counter command and found TCP sessions closed via injecting RST. for this, i have allowed the challenge-ACK from the CLI.
3 - Below is the snapshot of the error while playing the video.
4 - Below is the snapshot of counter command:-
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!