06-03-2017 11:19 AM - edited 06-03-2017 11:29 AM
I'm using a PA-220 with 8.0.2. I have a profile defined which blocks several categories (malware, things not kid friendly, etc) including web-advertisements (the number one thing that gets blocked). It keeps blocking access to youtube videos. In the URL Filtering log entry, it shows these URLs in the "streaming-media" category, which is an allowed category, yet the log entry shows "block-url" as the action. These log entries show the application as google-base, or youbtube-base. Either way, it's blocking these URLs. I've also tried setting web-advertisements to alert, but it's still blocking media-streaming...
You can go to "www.youtube.com" just fine, but when you select a video, it seems to hang. I'm also doing SSL decrypt, if that makes a difference.
Edit to add: A bit above this rule is a similar rule limited to a source object, but it has a different URL profile that only blocks malware. Machines that hit this rule don't seem to have this youtube issue.
Any idea what I'm doing wrong, or does this sound like a bug?
06-04-2017 04:39 AM
From what you describe here it does sound like a possbile bug.
And I would continue with the troubleshooting method you have started. Adding back in one category at at time and finding the one that triggers the block. This should then give you both a work around and all the information support will need to find the final fix.
06-10-2017 06:11 PM
Well, I've not been able to determine what the issue is. I've even added youtube.com (and www.youtube.com) to the whitelist for the policy on the rule allowing the traffic and it's still not working.
In fact, some of the entries, instead of listing the category as "streaming-media", have "allow-list" as the category... Though, further to the right, of course, the action is "block-url"...
06-11-2017 04:37 PM
I am thinking the issue is either the decryption is not working correctly or app id update is not correctly classiifying the traffic.
This is how to test decrytion
And be sure to run the updates to have the latest app id on the firewall.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
