04-22-2018 03:26 AM
Hello,
We have a PA-3020 with a defined policy that denies any YouTube traffic, but unfortunately the FW doesn't recognize YouTube application-based policy traffic which originates from an Android phone and passes it as allowed. I would appreciate your comments on whether I can fix that.
04-22-2018 03:47 AM
Hi @MYNAGHI
Do you have decryption enabled? Is it allowing YouTube from this Android device generally, or only from the YouTube app but not within the browser? Did you check the URLs that are logged when this Android device connects successfully to YouTube?
With these URL logs you will be able to create a custom URL category to also block this access. If you don't have a URL filtering license, you can also do a packet capture and search for TLS handshake packets to see the FQDNs that you need to block.
04-22-2018 04:34 AM
Hello, No encryption on traffic. And it is from the YouTube application on a mobile phone; however, the policy takes effect when I access YouTube from the mobile webpage. Yes, I have tried that using URL filtering, with the same behaviour of not recognizing the traffic. Eventually, since the traffic is not recognized by the FW, at the end we have a rule allowing Gmail traffic, which includes Google-based and other Gmail business applications according to the policy we have, where the YouTube application policy also doesn't take effect and users are still streaming videos.
04-23-2018 10:53 AM
@MYNAGHI wrote: Hello, No encryption on traffic.
So you're decrypting mobile traffic then, or you're not doing decryption? Just want to verify this part.
Can you verify what software version you are using? Unless you are severely out of date, URL Filtering on this traffic wouldn't have any issues if it's matching on the proper URLs, with or without decryption.
04-24-2018 12:48 AM
Hello, I'm not sure if the traffic is encrypted or not. Can you please elaborate on why encryption/decryption matters in this?
04-24-2018 06:16 AM
When you don't decrypt traffic, it makes it difficult for the firewall to actually identify the application being used; further, if the application is running over QUIC, it becomes even more difficult for the App-ID process to actually classify this application correctly. This has to do with how Google sets things up on their end and the QUIC protocol being evasive by nature.