Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 10 replies
  • Answers 1 answer
  • Subscribers 4 subscribers
  • Views 11605 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Block YouTube

ChrisBaksa

Hello All,

I wondering if anyone has a proper method of blocking YouTube.

I have and SG125 and I simply want to put time limits of the YouTube viewing.

But no matter what I do ... it never seems to work correctly.  One device works, the other does not. 

I have my devices set with DHCP reservations and static Names so I know the devices get the same IP's

Support gave me these expressions (see pic) ... But i'm still fighting the battle.

URL filtering Only is selected.  Should I be using De crypt and Scan?

Any help is appreciated.  I've called support a few times and spent hours on the phone with them.  Its seems like such an easy request.

Thanks 

Chris

 



This thread was automatically locked due to age.
Parents
  • 0

    If you don't see the YouTube accesses in the Web Filtering log file, then the traffic is going via UDP 443.  I believe you need only block that traffic outbound with a Firewall rule.  That will, as Sachin said, force the Google servers to communicate with TCP 443.  Please tell us if you also had to select 'Decrypt & scan' to make your block work.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0

    If you don't see the YouTube accesses in the Web Filtering log file, then the traffic is going via UDP 443.  I believe you need only block that traffic outbound with a Firewall rule.  That will, as Sachin said, force the Google servers to communicate with TCP 443.  Please tell us if you also had to select 'Decrypt & scan' to make your block work.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • 0 in reply to BAlfson

    Something like this?

    I created a service for UDP over 443

    Then I created a a firewall rule at the top.  I selected all my Internal Networks as sources and the Destination is Internat IPv4/IPv6. The Action is Drop.

    I have not yet enabled it.  Wanted to bounce this off you 1st.

     

     

    Chris

  • 0 in reply to ChrisBaksa

    Looks good, Chris!

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    I just ran a test on my sons tablet.

    It seems to work.  You tube itself loads... but videos do not play.

    The docs I've seen also mention that Google uses UDP over port 80. I'm considering adding that to the rule as well.

     

    Chris

  • 0 in reply to BAlfson

    I added the port 80/UDP. If I find it causes issues I'll remove.

    I did not change to decrypt and scan. It still selected for url only.

    Now I'm having an issue with the profiles them selves. I wanted to be able to group devices per child and enable and disable at will.  I had to group them all under one profile.  Not sure why it isn't working.  If the device is not listed in the 1st profile it should continue to the next.. and the next... But it isn't doing that.  

    If it isn't one thing it's another.

    Right now I'm good.  I just have to add and remove the devices from the one profile.  Not optimal.  But it works.

    Chris

  • 0 in reply to ChrisBaksa

    Chris, start a new thread with a different title for your new problem.  Don't forget pictures!

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Will dob thanks for the help.

Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML