
Block YouTube

Hello All,

I'm wondering if anyone has a proper method of blocking YouTube.

I have an SG125 and I simply want to put time limits on the YouTube viewing.

But no matter what I do ... it never seems to work correctly. One device works, the other does not.

I have my devices set with DHCP reservations and static names so I know the devices get the same IPs.

Support gave me these expressions (see pic) ... But I'm still fighting the battle.

URL filtering only is selected. Should I be using Decrypt and Scan?

Any help is appreciated. I've called support a few times and spent hours on the phone with them. It seems like such an easy request.

Thanks 

Chris

 



  • Hi,

    You need to take into consideration all your other exceptions or bypass rules.

    Do you have video and audio scanning bypass ticked? If so, your rule will not be applied.

    You will need to set up a series of time-managed profiles with the bypass video and audio either ticked on the allowed profile and unticked in the disallowed profile.

    I have left all my original post intact.

    The item I am referring to is in a different section and is either ticked or unticked, but not configurable in a profile. The item should be part of a profile to allow what you are trying to achieve.

    With the streaming ticked you will not be able to block YouTube videos because they bypass scanning.

    XG115W - v19.5.1 mr-1 - Home


  • Hi Chris,

    You will find a lot of relevant posts tagged to the right side of your question regarding YouTube. YouTube blocking will require Decrypt & Scan to be selected. The other possibility: if using the Google Chrome web browser, you must configure a fw-rule to drop UDP 443 and place it on the TOP. The reason is that the Chrome browser uses the QUIC protocol to enhance Google services.

    Hope that helps.

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • If you don't see the YouTube accesses in the Web Filtering log file, then the traffic is going via UDP 443.  I believe you need only block that traffic outbound with a Firewall rule.  That will, as Sachin said, force the Google servers to communicate with TCP 443.  Please tell us if you also had to select 'Decrypt & scan' to make your block work.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
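
Why the UDP 443 drop rule has to sit above any general allow rule, shown as an added example that is not part of the original thread and is not Sophos code. It is a simplified first-match model; the LAN range, rule names and flows are constructed assumptions.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed internal network

# Rule = (name, source network, protocol or None=any, dest port or None=any, action)
DROP_QUIC = ("drop-udp-443", LAN, "udp", 443, "drop")
ALLOW_OUT = ("lan-any-out", LAN, None, None, "accept")

def first_match(rules, src, proto, dport):
    """Ordered evaluation: the first matching rule decides; no match means drop."""
    addr = ipaddress.ip_address(src)
    for name, net, r_proto, r_port, action in rules:
        if addr in net and r_proto in (None, proto) and r_port in (None, dport):
            return name, action
    return "default-drop", "drop"

def fate(rules, src, proto, dport):
    """Where a client flow ends up in this model."""
    # Model assumption: the transparent web proxy picks up TCP 80/443 only,
    # so URL filtering and time-based profiles never see UDP traffic.
    if proto == "tcp" and dport in (80, 443):
        return "web-filter"
    name, action = first_match(rules, src, proto, dport)
    return "dropped" if action == "drop" else "unfiltered via " + name

# Constructed flows from one tablet: QUIC, HTTPS, DNS.
FLOWS = [("192.168.1.50", "udp", 443), ("192.168.1.50", "tcp", 443),
         ("192.168.1.50", "udp", 53)]

def report(rules):
    """Map each constructed flow to its fate under the given rule order."""
    return {f"{p}/{d}": fate(rules, s, p, d) for s, p, d in FLOWS}

if __name__ == "__main__":
    for label, rules in (("drop rule below allow", [ALLOW_OUT, DROP_QUIC]),
                         ("drop rule on top", [DROP_QUIC, ALLOW_OUT])):
        print(label, report(rules))
```

With the drop rule below the allow rule, the QUIC flow is accepted and never reaches the web filter; with it on top, the client has to fall back to TCP 443, which the filter sees.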
  • I'm not sure where "bypass video and audio" tick box is.  Can't say I've ever seen that.

    My setup is very Basic.  I have one Default policy and then one for the kids.

    I'm using Transparent Mode.

    URL filtering only. When I selected Decrypt and scan, YouTube stopped working for everyone (except exempt hosts).

    I'm no guru with web filtering.  I find it a bit confusing.  But I'm even more pissed that I paid $1500 for this router (with support) and Sophos support has not been able to give me a workable solution.

     

    Chris

  • Something like this?

    I created a service for UDP over 443

    Then I created a firewall rule at the top.  I selected all my Internal Networks as sources and the Destination is Internet IPv4/IPv6. The Action is Drop.

    I have not yet enabled it.  Wanted to bounce this off you 1st.

     

     

    Chris

  • Looks good, Chris!

    Cheers - Bob

     
  • I just ran a test on my son's tablet.

    It seems to work.  YouTube itself loads... but videos do not play.

    The docs I've seen also mention that Google uses UDP over port 80. I'm considering adding that to the rule as well.

     

    Chris

  • I added the port 80/UDP. If I find it causes issues I'll remove.

    I did not change to decrypt and scan. It's still selected for URL only.

    Now I'm having an issue with the profiles themselves. I wanted to be able to group devices per child and enable and disable at will.  I had to group them all under one profile.  Not sure why it isn't working.  If the device is not listed in the 1st profile it should continue to the next.. and the next... But it isn't doing that.

    If it isn't one thing it's another.

    Right now I'm good.  I just have to add and remove the devices from the one profile.  Not optimal.  But it works.

    Chris

  • Chris, start a new thread with a different title for your new problem.  Don't forget pictures!

    Cheers - Bob

     
  • Will do, Bob. Thanks for the help.
