PA-3020 doesn't recognize Youtube application-based policy originates from Android systems .

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

PA-3020 doesn't recognize Youtube application-based policy originates from Android systems .

L1 Bithead

Hello ,

We have PA-3020 has a defined policy that deny any YouTube traffic , but unfortunately the FW doesn't recognize Youtube application-based policy which originates from Android phone and pass it as allow  . I appreciate your comments if I can fix that .

5 REPLIES 5

L7 Applicator

Hi @MYNAGHI

 

Do you have decryption enabled? Is it allowing youtube from this android device generally or ony from the youtube app but not within the browser? Did you check the URLs that are logged when this android device connects to successfully to youtube? 

With these URL logs you will be able to create a custom URL category to also block this access. If you don't have a URL filtering license, you can also do a packet capture and search for tls handshake packets to see there the FQDNs that you need to block.

Hello , No encrytion on traffic . And it is from Youtube application on mobile phone , however the policy takes effect when I access YouTube from mobile webpage . Yes I have tried that using URL filtering with same behaviour doesn't recognizing the traffic . Eventaully since the traffic is not recognized by FW , in the last we have rule allowing Gmail traffic includes google-based and other Gmail business application according to policy we have where also YouTube application does't take effect and users still streaming viedes .

 

 


@MYNAGHI wrote:

Hello , No encrytion on traffic . 

 

 


So you're decrypting mobile traffic then, or you're not doing decryption? Just want to verify this part. 

 

Can you verify what software version you are using. Unless you are severly out of date URL Filtering on this traffic wouldn't have any issues if it's matching on the proper URLs, with or without decryption. 

Hello , I'm not sure if traffic is ecreypted or not . Can you please elaborate why encryption/decreyption matters in this .

@MYNAGHI,

 

When you don't decrypt traffic it makes it difficult for the firewall to actually identify the application being used, further if the application is running over QUIC it becomes even more difficult for the app-id process to actually classify this application correctly. This has to do with how Google sets things up on their end and the QUIC protocol being evasive by nature. 

  • 2630 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!