
Trying to trace a Netflix user

Hi all,

Device: UTM 220 running UTM 9.502

In my daily Exec Reports, I see some Netflix video servers in our top 10 servers. In Logging & Reporting->Network Usage->Bandwidth Usage, the Netflix servers are shown to use HTTPS. How can I reliably trace this access back to a user or client IP? I see a lot of IPs using HTTPS, and I can only go by the amount of data, not the actual request connection. Any ideas on which log to look at?

Regards

Damien 



This thread was automatically locked due to age.
  • There have been multiple posts in this forum about making Netflix work, and as I recall, it involved creating a lot of exceptions to bypass web filtering.  You cannot get much data if you have to bypass the data collection engine to make it work.  You also cannot use Webfiltering configuration to make Webfiltering-bypass a user-specific process, as that would be circular logic.  But if you use Standard Mode, you can make the proxy bypass user-specific.  It will be complicated:  

    (1) Enable Standard Mode and push out the Proxy CA root to any device that does not have it already.  

    (2) Create a proxy script or proxy GPO that bypasses Netflix and whatever else needs exceptions.  If desired, create another proxy configuration for anyone else that will use Standard Mode without Netflix.  

    (3) Create a Filter Profile for Standard Mode, and a policy for the Netflix-Allowed group.  Of course you can create a policy for other Standard Mode users if you want.  Then apply the appropriate Filter Action to the new Filter Profile-Policy pair(s). 

    (4) Push the Netflix-allowed GPO to members of the Netflix-Allowed group, to turn the feature on.  (If you don't have Active Directory and Windows, you will need to find your own deployment mechanisms.) 

    (5) Remove the exceptions that you configured for Transparent Mode users.

    Start with no members in the group other than the account you use for testing the setup, and wait for people to scream.  Make them apply for the right to use Netflix through your regular management channels.

  • I currently only want to track down who has accessed it and have a nice word with them, not set up any rules as such. So how do I track server to client IP connections?

  • If Netflix is not being bypassed, you check the logs.  But do you have exceptions configured to make Netflix work? If so, I think you are out of luck.

  • Hey Damien, if you have switches that are capable of port-mirroring you could download a packet capture tool such as Wireshark. Set up a capture on the port connected to the LAN interface of the 220 and just look for the destination PC with the most traffic :) and connections doing DNS lookups for Netflix. That should set you in the right direction.

    Take care,

    todd
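
The DNS-lookup part of the capture approach in the post above can be automated; the following is an added example, not part of the original post or of any Sophos tooling. It assumes the mirror-port capture was saved from Wireshark in classic pcap format (not pcapng) with Ethernet framing; the function names, the name fragments in `NEEDLES` and the sample capture are constructed for illustration.

```python
import struct
from collections import Counter

NEEDLES = ("netflix", "nflxvideo")  # assumed name fragments; extend as needed

def qname(dns: bytes, pos: int = 12) -> str:
    """Decode the first question name of a DNS message (no compression)."""
    labels = []
    while pos < len(dns) and 0 < dns[pos] < 0xC0:
        n = dns[pos]
        labels.append(dns[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    return ".".join(labels).lower()

def dns_clients(pcap: bytes, needles=NEEDLES) -> Counter:
    """Count matching DNS queries per client IPv4 in a classic Ethernet pcap."""
    end = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    hits, off = Counter(), 24                      # skip 24-byte global header
    while off + 16 <= len(pcap):
        incl = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue                               # keep IPv4 + UDP only
        udp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(udp) < 20 or udp[2:4] != b"\x00\x35" or udp[10] & 0x80:
            continue                               # dst port 53, QR bit clear
        if any(n in qname(udp[8:]) for n in needles):
            hits[".".join(map(str, frame[26:30]))] += 1   # source (client) IP
    return hits

def _query(src: str, name: str) -> bytes:
    """Build one constructed DNS query frame wrapped in a pcap record."""
    q = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    dns = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + q + b"\x00\x01\x00\x01"
    udp = struct.pack("!4H", 40000, 53, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(map(int, src.split("."))), bytes([192, 168, 1, 1]))
    eth = bytes(12) + b"\x08\x00" + ip + udp
    return struct.pack("<4I", 0, 0, len(eth), len(eth)) + eth

# Constructed capture: three LAN clients, two of them resolving Netflix names.
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(
    _query(ip, name) for ip, name in [
        ("192.168.1.23", "www.netflix.com"), ("192.168.1.40", "www.example.com"),
        ("192.168.1.23", "ipv4-c001.1.nflxvideo.net"), ("192.168.1.57", "api.netflix.com"),
    ])

if __name__ == "__main__":
    print(dns_clients(SAMPLE).most_common())
```

For a real capture, pass the file contents instead of `SAMPLE`, for example `dns_clients(open("lan.pcap", "rb").read())`, where `lan.pcap` is a placeholder file name.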

  • Have you tried logging Netflix use?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA