www.youtube.com blocked by Zyxel certificate on Flex700?

Posts: 23  ZCNE Certified

We are experiencing difficulties with users connecting to YouTube.
Here is an example of the response from a Firefox browser:

Can anyone explain why this happens and how to avoid this issue?
We are using a Zyxel Flex 700 device as gateway.

Accepted Solution

  • Posts: 667  Zyxel Employee
    Answer ✓

    dnsft.cloud.zyxel.com is our block page for the DNS content filter, and the certificate is a content filter certificate that replaces the original cert when you access a website in a blocked content filter category. As a result, the browser detects that the cert does not correspond to the correct cert, and you see the message in your screenshot.
    In conclusion, youtube.com is blocked by the DNS content filter. Please check the content filter settings, and make sure YouTube or streaming websites are not blocked.
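
A client-side check for the situation described in the accepted answer, as an added example that is not part of the original thread and not Zyxel's code. It assumes the filter answers a blocked name with the same address as the block page host dnsft.cloud.zyxel.com; the function names are hypothetical.

```python
import socket
import ssl

BLOCK_PAGE_HOST = "dnsft.cloud.zyxel.com"  # block page host named in the answer above

def resolve(host):
    """Addresses the client's configured resolver returns for host (empty set on failure)."""
    try:
        infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def tls_error(host, timeout=5.0):
    """Return the failure text for a verified handshake to host:443, or None on success."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, 443), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return None
    except ssl.SSLCertVerificationError as exc:
        return exc.verify_message
    except OSError as exc:  # refused, timed out, or another TLS failure
        return f"connection failed: {exc}"

def diagnose(host_ips, block_ips, error):
    """Classify a certificate warning from what the client itself observed."""
    if not block_ips:
        return "inconclusive"        # block page name did not resolve; nothing to compare
    if set(host_ips) & set(block_ips):
        return "dns-content-filter"  # the name was answered with the block page address
    if error:
        return "other-cause"         # TLS failed, but not because of the block page redirect
    return "ok"

def check(host):
    """Live check, meant to be run from an affected LAN client."""
    return diagnose(resolve(host), resolve(BLOCK_PAGE_HOST), tls_error(host))

if __name__ == "__main__":
    # Constructed observations (documentation address ranges), not captured from a real network.
    print(diagnose({"192.0.2.10"}, {"192.0.2.10"}, "Hostname mismatch"))
    print(diagnose({"198.51.100.7"}, {"192.0.2.10"}, None))
```

Calling `check("www.youtube.com")` from an affected client performs the same comparison against the resolver that client actually uses.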

All Replies

  • Posts: 168  Master Member

    Seems very odd, the message states that this is Firefox not trusting the site. Is this problem 100% repeatable across multiple computers in the same network? Could this be caused by a bugged filter function or firewall rule to include or exclude certificates? Does this problem only manifest when using a specific Flex700? Is it a result of damaged configuration or incompatible rules?

  • Posts: 23  ZCNE Certified

    YouTube is on the allowed list and streaming websites are not blocked.
    Any suggestions of where to look further in the Flex700?

  • Posts: 667  Zyxel Employee

    We can check the monitor log to see which policy rule blocks YouTube.
    Go to Policy Control and enable the log options for the rules with a content filter profile, then get blocked again to see which rule is the root cause.

  • Posts: 23  ZCNE Certified

    It turned out like this: When I rechecked the settings for Lan to Wan I saw that the content filter profile was turned off for this Flex700. When I turned it on with BPP I got this warning message:

    Which confused me. What does it mean? I clicked on OK but saw nothing further about where to apply the DNS content filter.
    Now YouTube is working, apparently. So we need to have the content filter enabled...?

  • Posts: 667  Zyxel Employee

    It's more like a reminder note than a warning or error.
    For a DNS content filter profile, you need to apply it to two security policies to make it work, that is:
    LAN_outgoing: block the DNS query toward the external DNS server. (192.168.1.33 -> 8.8.8.8)
    LAN_to_Device: block the DNS query from the host to the firewall. If this is not blocked, the host is still able to query the firewall, and the firewall will then ask the external DNS server. (192.168.1.33 -> 192.168.1.1)

    It seems to be a misconfiguration at first since it works after applying the content filter profile again.

  • Posts: 23  ZCNE Certified

    Thanks for the explanations
