ATP100 - HSTS - Youtube

Cava
Cava Posts: 7  Freshman Member
First Comment Second Anniversary
Hi. We have just replaced an old USG with a new ATP. When the customer tries to access, for example, YouTube, the site directly redirects to consent.you.... Firefox gave me "key pinning error". I tried to add *.youtube.com to every whitelist, I tried to disable every rule, I tried to disable the HTTP to HTTPS redirect... I don't know how to search. Our firewall is always an ATP100, I checked the configuration and it's really similar... And we can access without any problem. I don't know what to check.... FW is 5.00 ABPS.2

All Replies

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,404  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments

    Hi @Cava,

    What security services (App Patrol, Content Filter, ....) are enabled on ATP100?

    Are there any blocked messages of YouTube access in Logs?

    Can you send me the startup-config.conf of ATP100 in private message?



    See how you've made an impact in Zyxel Community this year!
    https://bit.ly/Your2024Moments_Community

  • Cava
    Cava Posts: 7  Freshman Member
    First Comment Second Anniversary
    Hi. I did nothing since I wrote the message (yesterday was a holiday here), and this morning it works. I just updated the certificates 2 days ago...



  • Zyxel_Emily
    Zyxel_Emily Posts: 1,404  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
    Hi @Cava,
    Thanks for sharing your test result with us.  :)  
    If the issue happens again, feel free to send the startup-config.conf of ATP100 to me in private message.


  • CSCComo
    CSCComo Posts: 16  Freshman Member
    First Comment Third Anniversary
    Hi. Same problem on another customer...
  • CSCComo
    CSCComo Posts: 16  Freshman Member
    First Comment Third Anniversary
    content filter, app patrol enabled. ssl inspection no. It seems like man in the middle...
  • CSCComo
    CSCComo Posts: 16  Freshman Member
    First Comment Third Anniversary
    Hi. I did some checks.... It seems that after installing the firewall (casually?) there is a problem with DNS resolution. The customer has a physical Windows 2016 server with an old, virtualized SBS 2008. When I try to resolve www.youtube.com it goes to 52.203.95.96 (United States, Ashburn, Amazon Technologies Inc.). Instead, from my PC it resolves the address to 142.250.184.110 (Italy, Milano, Google). If I replace the DNS on an internal PC with 8.8.8.8 it works. The forward DNS on SBS are 8.8.8.8 and 8.8.4.4. Already tried to flush the DNS cache (locally and on the DNS server). We still have SBS2011, same firewall, same DNS configuration and no problems.
  • MJStar
    MJStar Posts: 37  Freshman Member
    First Answer First Comment Friend Collector Third Anniversary
    edited September 2021
    Hello @CSCComo

    What is your DNS server configuration on Zyxel firewall?
    If it is a DNS resolution issue, you might refer to the following links about Domain Zone Forwarder:

    If you would like to flush DNS cache, you can refer to this discussion:
  • ChipConnJohn
    ChipConnJohn Posts: 44  Freshman Member
    Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Nebula First Comment Fourth Anniversary
    In our case we have the ATP100 behind an ATT Fiber modem/router.  The ATP was using the ATT device for DNS.  Changed this to an external DNS server (Level3) and it worked.
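
The check CSCComo and ChipConnJohn describe above (ask the internal DNS server and a public resolver for the same name and compare the answers), as an added example that is not part of the original thread. The function names and the "internal" label are assumptions, and the sample responses are constructed from the two addresses quoted in the thread.

```python
import socket, struct

def build_query(name, qid=0x1234):
    """Encode a recursive A/IN query for `name` (RFC 1035 wire format)."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack(">HH", 1, 1)

def skip_name(msg, off):
    """Return the offset just past a name; a compression pointer ends it in two bytes."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += msg[off] + 1
    return off + (2 if msg[off] else 1)

def parse_a_records(msg):
    """Return the set of IPv4 addresses in the answer section of a DNS response."""
    qd, an = struct.unpack(">HH", msg[4:8])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4              # QTYPE + QCLASS
    addrs = set()
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        if rtype == 1 and rdlen == 4:              # A record; CNAMEs are skipped
            addrs.add(socket.inet_ntoa(msg[off + 10:off + 14]))
        off += 10 + rdlen
    return addrs

def resolve_via(server, name, timeout=3.0):
    """Query one specific resolver over UDP/53, bypassing the OS resolver and its cache."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return parse_a_records(s.recv(4096))

def disagreeing(answers, reference):
    """Resolvers sharing no address with `reference`; CDN answers vary, so treat as a lead."""
    return sorted(r for r, a in answers.items() if r != reference and not a & answers[reference])

def sample(ip, name="www.youtube.com"):
    """Constructed response with one A record (not captured traffic)."""
    q = build_query(name)
    return (q[:2] + b"\x81\x80\x00\x01\x00\x01" + q[8:] + b"\xc0\x0c"
            + struct.pack(">HHIH", 1, 1, 60, 4) + socket.inet_aton(ip))

if __name__ == "__main__":
    # Offline demo with the two addresses quoted in the thread.
    answers = {"internal": parse_a_records(sample("52.203.95.96")),
               "8.8.8.8": parse_a_records(sample("142.250.184.110"))}
    print(answers, "-> no overlap with 8.8.8.8:", disagreeing(answers, "8.8.8.8"))
```

For a live check, fill `answers` with `resolve_via(<server address>, "www.youtube.com")` for the internal DNS server and for 8.8.8.8. A resolver that shows up in `disagreeing` is worth following up by checking who owns the address it returned and what its forwarders are.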