- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
10-20-2020 11:47 PM
Hello Dears,
Requirement:- I want to allow only some educational videos (educational videos belong from training and tools URL category) for my environment.
Below i have tried:-
Could you please suggest is there any other way to achive my requirement.
Thanks.
10-21-2020 05:35 AM - edited 10-21-2020 05:36 AM
Hello
Yes, I can understand your query now.
It is simple, and let me explain.
In previous versions, the Override was used an "Allow" or "Block", that was processed before the built in categories.
in 9.1.3, the functionality is the same. Look for creating two (2) Custom URL categories.
One will be (blocking) *.youtube.com
The other one will be for those site you want to allow:
Be sure to look at the two attached pics on this thread/response.
10-21-2020 06:50 AM
It means i need to create a policy like this:-
source one- inside
source address- any
destination zone - outside
destination address - any
application - any
service - any
action - allow
in security profile - need to create a URL filtering that is mention by you and all other URL category should be block. is this correct.?
10-21-2020 11:51 AM
Yes, that could work fine.
Totally different comment here:
Question though... WHY such an open rule? Can you lock it down?
Can you make 2 security policies, to accomplish the same thing.
Traffic from SZone to DestZone (IP of tube), using youtube application on APPOVED_Youtube_URL, on application default?
Next rule.. deny ALL traffic to youtube?
10-27-2020 06:29 AM
The same i tried but not working.
custom URL cateogory:-
In URL filtering:- URL filtering name - (learning website video)
allowed (Approved_youtube) custom URL category and block (Block_youtube) custom URL category.
In policy:-
SZ- inside
S user- ANY
DZ- Outside
destination Address - Any
Application- ANY
Service- ANY
service/URL category- ANY
Action - Allow
profile setting - Apply only URL filtering profile learning website video.
but the issue still same. any other way , i can achive this ?
10-27-2020 06:39 AM
Can you provide snippets of logs, screen captures, etc.
Just saying it is not working.. is not enough.
What happens when you try to connect? Error messages.
Your next steps is to take wireshark/packet captures to help you visualize what is happening on the wire, and you can configure your policies better.
TAC should be able to assist you as well.
10-28-2020 01:27 AM
I took the packet capture and below are my findings:-
1 - I can see in packet capture most of the packet 'ignore unknown record' when i check it is causing of L4 checksum. do i need to disable the L4 checksum?
2 - As well as i run the counter command and found TCP sessions closed via injecting RST. for this, i have allowed the challenge-ACK from the CLI.
3 - Below is the snapshot of the error while playing the video.
4 - Below is the snapshot of counter command:-
11-01-2020 05:15 AM
I have downgraded my firewall up to 8.1.0 and found the override option is available. but i tried the same configuraion according to document but issue still persists.
11-02-2020 11:55 AM
Sounds like you have to open a ticket with the TAC.
Good luck and let me know what you find.
Thx
11-04-2020 02:09 AM
Thanks for the reply.
I believe we can achieve this requirement by the decrypt you tube traffic.
I just want to confirm can we decrypt youtube traffic or not.
Because when i applied the decryption policy on youtube. youtube stop working it is showing the below error
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!