Why youtube.com & sophos.com is not blocked by URL-GROUP?

Hi,

not sure why you want to block sophos.com, but it is in the web exceptions by default?

also your filter is very basic, there are many sites for both url groups.

Ian

SFVH (SFOS 17.5.0 GA)

I was trying to block youtube.com but allow all GSuite access through URL groups. It worked in a quite interesting way that Google Slide was playing the game. As I used "default deny all" policy, I was assuming all URL except I've put into white list would be inaccessible. I did incidentally click search through google and found sophos/youtube was accessible. 

That's why I thought I did something wrong from the configuration side.

Ian, another question is why teamviewer is by default enabled as exception?

Hi Peng,

teamviewer is in the exceptions by default because it requires a special work around for a bug in the teamviewer software.

Blocking sophos/youtube, please remember that many sites have a youtube subset to provide sales and marketing, support videos etc.

The web policy you created needs to be part of your firewall rule. You can try blocking it with application support as well.

Please do a search of the forums and the KBAs for additional details.

Ian

Hi Ian,

Thanks for your replying. 

I did apply the web policy with a separate firewall rules and specific clientless user for testing purpose

Hi Peng,

you need at the very minimum http scanning enabled and for full benefit you will need https scanning, otherwise there is no lookup.

Ian

In addition to the exceptions you can see, there are a few hidden additional ones for accessing Sophos itself.  You cannot build a policy (even the deny all) that blocks access to Sophos.

However if everything is correctly configured, you should be able to block the main youtube website using that.  It might not block embedded youtube videos that use different domains.