Thread Info
  • State Suggested Answer
  • +4 person also asked this people also asked this
  • Locked Locked
  • Replies 10 replies
  • Answers 3 answers
  • Subscribers 35 subscribers
  • Views 21249 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Enforce safesearch issues on youtube

waghelak

Hi,

I am seeing some issues since i went to v17 all the way from beta to GA.

When safesearch is enabled i now have issues with some youtube videos where although i see the title the content is different.

For example with safesearch enabled, when i search for an Indian program called "crime patrol" i am getting weird results.

My understanding this was only applied on search engines and not youtube.

Any ideas?



This thread was automatically locked due to age.
  • 0

    We're seeing a similar issue since updating to v17 on our XG.  Youtube is forced into Restricted Mode with Enforce SafeSearch enabled.  The verbiage on that setting doesn't specify that it includes Youtube - it probably should be changed to clarify that if this is working as intended.  Otherwise, enforcing Youtube Restricted Mode probably should be separated out into its own setting since Youtube Restricted Mode is way more restrictive than Google SafeSearch.

  • +1

    Hello,

    As per Michael Dunn Sophos Engineer,  SafeSearch and Youtube Restricted mode is single common and global setting on XG firewall.

    Regards, Ronak.

  • 0

    I also have users start complaining that they can't view some youtube videos and I found it was because of safesearch.

    There should be an option for each setting separately (Safe Search / YouTube Restricted Mode)

    And even better is to make this setting per web policy and not global setting (SG UTM has this option).

  • +1

    I ran into this issue with youtube as well.  I ended up creating a LAN to WAN rule with a Destination Network of *.youtube.com.  I disabled scan HTTP and Decrypt & Scan HTTPS on this rule and placed it above everything else.  Users are now able to view youtube unrestricted while still enforcing safe search.  The downside with this is there is no control over the access to youtube since it's not getting inspected.

  • 0 in reply to Mustangb0ss

    Vote for idea to implement feature to separate Safe Search and YouTube restricted mode in two different options:

  • 0 in reply to RainMan730

    This was brought up during beta testing and everyone who posted about the issue requested that youtube restricted mode be separated from safe search enforcement.

    That are the plans to improve this functionality?


    Thanks!

    Tim

  • 0 in reply to Tim Kamps

    AFAIK the plan is in v17.2 to improve the safe search functionality to both separate Youtube and to make it configurable per policy rather than global.
    Do not take this as an official promise of a feature or timeline.

  • 0 in reply to Mustangb0ss

    We have created Firewall Rules without Web Policy associated before other firewall rules with web policies to get it working.

    We created a FQDN group to contain below wildcard domains, and the services we set HTTP and HTTPS because we saw the web policy logs before the youtube stuff only use these protocols, but for some reason, we found it is not working well, so we use Any Services instead for the destination group contain below domains:

    Required:

    *.youtube.com
    *.googlevideo.com
    *.ytimg.com
    *.doubleclick.net
    *.googleapis.com
    *.googleadservices.com
    *.ggpht.com

    Optional I think

    *.googleusercontent.com
    *.gstatic.com

  • 0 in reply to Stephen Chan

    If you wish to remove the youtube restrictions you could do this, basically allowing youtube through without any filtering.

     

    The XG is enforcing option 1 here: https://support.google.com/a/answer/6214622?hl=en

     

    Therefore the domains that we are manipulating to enforce restricted mode in youtube are.  I have not tested, but I suspect this is all you need in the FQDN group.

     

    • www.youtube.com
    • m.youtube.com
    • youtubei.googleapis.com
    • youtube.googleapis.com
    • www.youtube-nocookie.com
  • 0 in reply to Michael Dunn

    Yes, we followed that, but we found those wildcard domain is not enough. Because the client has ipad, mac book, windows and others, we used web policy log to track/trace down the possible domain related to youtube when Restricted mode issue happen. Then add those wildcard domain names in the group to get it working. Finger Crossed!