Youtube streaming not blocking

Reply
Highlighted
L1 Bithead

Youtube streaming not blocking

We want to block youtube streaming via Palo Alto. We create the Custom URL Category "testing" and enter the site "*.youtube.com" (with quotation). We select the testing category in Decrpytion profile and Action "Decrpyt" and Type SSL Forwarding. We create the security policy src:any, destination:any and deny youtube-base. But still we can we view streaming on chrome and firefox. We dont have URL Filtering license.

Highlighted
L7 Applicator

Re: Youtube streaming not blocking

you don't need to use quotes in custom URL categories, simply set

 

*.youtube.com

*.youtube.com/*

 

https://www.paloaltonetworks.com/documentation/71/pan-os/web-interface-help/objects/objects-security...

reaper - PANgurus.com
I drink and I know things
Highlighted
L7 Applicator

Re: Youtube streaming not blocking

hold on

 

you mention that in your security policy you set youtube-base but you do not mention you added a url-filtering profile

 

can you confirm you created a url filtering security profile and added it to your security policy ?

does your policy look like this?

url filtering.png

 

it might be better if you split up your policy to have a block rule for youtube-base and then a web-browsing policy that blocks your custom url profile, in case

better way.png

reaper - PANgurus.com
I drink and I know things
Highlighted
L6 Presenter

Re: Youtube streaming not blocking

Reaper, if they don't have a URL filtering license will applying a URL profile even work?

Highlighted
Community Team Member

Re: Youtube streaming not blocking

Hi,

 

It will on custom URL categories.

 

Cheers,

-Kiwi

Highlighted
L3 Networker

Re: Youtube streaming not blocking

if I'm not mistaken, if you already have a URL database (say, had a subscription but let it lapse), you can still process rules against it, you just won't get updates.

 

not applicable here, but just pointing out I believe the only thing the URL license does for you is updates.

Highlighted
L6 Presenter

Re: Youtube streaming not blocking

Good point! Also looking for the confirmation on this :-0

Highlighted
L4 Transporter

Re: Youtube streaming not blocking

It will work, but you will get a warning for each rule using the the URL profile every time you commit. It gets annoying pretty fast.

 

Benjamin

Highlighted
L3 Networker

Re: Youtube streaming not blocking

what's a warning? I hardly ever read failure messages.

Highlighted
L7 Applicator

Re: Youtube streaming not blocking


@bradk14 wrote:

if I'm not mistaken, if you already have a URL database (say, had a subscription but let it lapse), you can still process rules against it, you just won't get updates.

 

not applicable here, but just pointing out I believe the only thing the URL license does for you is updates.


depends slightly on which database you're using:

brightcloud has a downloaded database with the top 2mil most popular websites. once the license expires that list will remain usable but there will be no updates, so miscategorization because a site changes its behavior will start stacking up. once the license is expired dynamic cloud lookups will also stop working

 

PAN-DB builds a cache from cloud lookups. once the license expires cloud lookups will no longer work and your cache will quickly deprecate

 

for custom URL categories you don't need a license

reaper - PANgurus.com
I drink and I know things
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!