Recently, for testing purposes, I created a Youtube-uploading rule in order to deny all video uploads to the YouTube server. My disappointment grew when I saw that all video uploads pass my rule; also, when I log in to my Gmail through Google Chrome, all Data Filtering rules were passed, and I can attach any of the forbidden files. With other apps I have no such "bad" experience. Maybe I'm wrong, but maybe Google uses, like Skype, some proprietary encryption for communication with the server.
Does anyone have the same or a similar issue?
I forgot to mention that I deployed an SSL decryption rule, and it works well with all others...
PAN OS ver: 4.1.0
I would suggest a simple test. You could create a rule on top just for your host machine (either with IP address or Source user) to deny youtube uploads. If this works, it would be easy to figure out why it is not working.
The second thing would be to check whether the rule is placed in a strategic position.
Thanks for the answer, but I already tested the position of my rule and explicitly stated the IP address of my test PC. The problem is the following: when I log in to YouTube in order to upload, I'm using my Gmail credentials, not a YouTube login. When I do that, especially through the Google Chrome browser, my youtube-uploading rule fails and passes uploads. So in these circumstances I suspect that some proprietary encryption is inline. On the Monitor traffic tab I can't find or filter any matching behavior of youtube-uploading, just youtube-base on port 80 or web browsing.
Well, I would test out in the following manner:
1. Can I upload a video using YouTube credentials (not to bother with browsers)?
2. Can I upload a video using Gmail credentials (not to bother with browsers)?
3. What is the result of step 1 and step 2? Which browsers are allowing uploading and which browsers are not?
I can mostly take it down to proprietary encryption, but it would be interesting to know what happens with other browsers.
To me it sounds more like the youtube appid must be updated.
Contact the app enhancement team at http://www.paloaltonetworks.com/researchcenter/tools/ for more information (they will most likely need pcaps and stuff).
Another thought would be the "log portalpage only" (or whatever this setting is called) - but this (I think) would only affect what's being logged and has nothing to do with the appid stuff on its own. But sure, in case only the portalpage is logged, it would mean that a youtube session within a gmail session (or whatever) wouldn't be logged and perhaps not even identified (in case this feature does more than just affect logging)?