USG 210 UTM profil not working for youtube
My USG210 is running on FW 4.35. I have excluded youtube for a utm profile based on a whitelist. If I enter youtube.com directly, the USG blocks it. But if I enter youtube into google and access youtube via google, the USG does not block it.
All Replies
-
Hi @frerealexis,
If you’d like to allow YouTube, add YouTube to the list of Trusted Web Site.
In the App Patrol profile, enable “Enable Custom Service” and “Check Common Trusted/Forbidden List”.
In the security policy rule, apply Content Filter profile and SSL Inspection profile.
Result:
No matter you access YouTube by entering youtube.com directly or by searching youtube in Google, YouTube is able to be accessed because it is on the Trusted Web Site.
See how you've made an impact in Zyxel Community this year!
https://bit.ly/Your2024Moments_Community0 -
Hi Emily, you do not understand : I want to FORBID youtube.
I have placed youtube.com and in the commun blacklist and in the custom "forbidden wet sites" AND "blocked URL keywords" of this profile, as you can see below
Of course I have checked "enable custom service" and I have checked "check commun trusted/forbidden list". But I can still go to youtube via google.
SSL : I have not activated it
- because I cannot update the certificat (I created a post on this subject yesterday)
- In the past I never had to activate SSL inspection. The utm filter worked just fine. I think the problem is since FW 4.35.
0 -
Hi @frerealexis,
To use SSL Inspection, you don’t have to update the certificate. Just export the default certificate and import it to your test PC.
To block YouTube, you can also use App Patrol to block YouTube.
Make sure signature for IDP/App Patrol are updated to the latest version.
Create a new application.
Create App Patrol profile.
Apply App Patrol profile and SSL Inspection to security policy rule.
See how you've made an impact in Zyxel Community this year!
https://bit.ly/Your2024Moments_Community0 -
I cannot install a certifcat on 40 computers on our network. There should be no need to. In the past the UTM profile worked : no need to use IDP. I will reboot the zyxel hoping this will solve the issue...
0 -
No, rebooting did not solve the issue...
0 -
To illustrate my case : the first logs (in the orange rectangle) show that the utm filter is blocking youtube when I enter youtube directly in the url bar.
The last logs (in green rectangle) show connexions to google and from there I can click on a link to youtube and I have access but no logs specifically mention youtube, but I promise you that I do have access to youtube via google link, which is not normal.
0 -
Hi @frerealexis,
On small models such as USG40 which doesn’t have SSL inspection, you need to enable “Enable HTTPS Domain Filter for HTTPS traffic”.
YouTube uses Quic protocol and the main goal is to improve the application performance that are currently using TCP. Quic is using UDP protocol.
If you found Content Filtering is still unable to block the Google service for instance YouTube, you can simply edit the firewall rule to block UDP 443 make it use TCP to connect with server.
See how you've made an impact in Zyxel Community this year!
https://bit.ly/Your2024Moments_Community0 -
I do have SSL on the USG210 but it is not activated. blocking UDP 443 does help (the videos are not visible) but the website youtube remains accessible.
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 149 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 264 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 41 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight