youtube detection failure

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

youtube detection failure

L0 Member

creating security policy to allow specif users to use applications web-browsing and SSL with destination any with using SSL decryption policy which decrypt all.

after this policy there is implicit deny .

the issue that palo alto cant` detect youtube application , monitoring shows that is web-browsing  is permitted and falsh is denied !!!!

how i can block youtube appliaction ?

9 REPLIES 9

L7 Applicator

Hello Sir,

Could you please provide below mentioned information:

PA Platform-

PAN-OS-

Apps & Threat version-

I will verify the same and let you know the result.

Thanks

L4 Transporter

Hi Ahmed,

before the web-browsing rule i would insert this rule.

youtube.PNG.png

PA detects youtube-base etc. Is this what works for you?

Cheers Klaus

L7 Applicator

Hello Klaus,

You are absolutely correct. Without having SSL decryption, we can simply add the YouTube application in a security policy and it will successfully block YouTube video. ( Users will be able to open www.youtube.com, but they will not be able to run any video).

To Ahmed,

If you want to block all types of activity through www.youtube.com i.e. YouTube-posting, safe-mode, uploading, then you can use application= YouTube ( patent application) as mentioned below:

Reference doc: YouTube Video Control

How to Allow a Single YouTube Video and Block All Other Videos

Create a Custom Application for a YouTube Channel

youtube-2.JPG.jpg

Logs:

youtube-1.JPG.jpg

Hope this helps.

Thanks

version 5.0.11

PA 3050

Threats 420-2111

apps 1217-1682

thanks for your support

i did  create a deny rule to deny youtube  but it didn`t work ,...

.the main issue that the device is not detecting Youtube-saftey application , the only application is detected is youtube-base.

as shown below only flash is detected ,, note that destination ip is related to google .. really i cant understand why ???

this can identify youtube with a destination ip ( google !!!!)...

Hi Ahmed,

did you solve this problem i have the same issue i'm using PA-500 in virtual mode.

Best Regards

nope it is still exist , i contacted palo alto support and have in progress ticket with them , i`ll inform you with updates

Thank you Ahmed,

    I'll be waiting for your reply.

BR

Hi Ahmed,

Google made a change a few months ago to the way they implement YouTube Safety Mode, which affects our ability to accurately identify this traffic with our youtube-safety-mode App-ID signature.  As such, the App-ID for YouTube Safety Mode will likely not show up anymore.  If you would like to enforce YouTube Safety Mode, you can do this via a URL filtering feature, "SafeSearch Enforcement".  When enabled, any Google, Yahoo or Bing web searches will be checked to make sure that the strictest Safe Search setting is enabled, and this applies to YouTube Safety Mode as well.  If the settings are correct, the search is allowed.  Otherwise, a block page is displayed, with instructions on how to correctly fix their settings.  Once this has been done, all subsequent searches will go through.  In order to ensure that YouTube Safety Mode is covered, please be sure to install content version 422 or later.

Thanks,

Doris

  • 5289 Views
  • 9 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!