Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Youtube restriction by channel - sort of works

Hi

My kids have to use chromebooks as that is what school  issue so I am stuck with Chrome browser.

I setup new web category and added keywords for the channels that they can watch without time restriction

and another one for domain. I think when combined it doesn't work so I split it

I had to a couple extra keyword like generate_204 and youtubei

however if my kids keep hitting refresh and retry it eventually allows them through

this is my firewall rule, where traffic with  youtube domain it  is directed to this FW and goes to the webpolicy

it seems chrome is somehow bypass my firewall or rules are not applied consistently

I do have block QUIC enabled

I am on firmware SFOS 19.5.2 MR-2-Build624

thx in advance

David



This thread was automatically locked due to age.
Parents
  • Hi,

    please change you Source to LAN and Network to the IP address range of the network your children's devices connect to? Also tick logging and is the rule at the top of your  firewall list?

    Ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Ian

    Change source to LAN and network to kids device subnet but still allowing it through if you hit retry a number of times.

    thx

    David

  • Hi,

    thank you for the update. After you made the changes did the kid's devices perform a restart or were they still connected? Another change is to reduce the port range to http and https because any will allow the devices to access ports outside to the proxy controlled ports.  Also you might try restarting the XG.

    After the above please post a copy of the updated firewall rule and the log entries showing the rule in use.

    Ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi

    No device restart but i did close my browser and restart it.

    here are some extra observation 

    It is hitting quota /video host web rule   which should stop the load

    but if I look at Chrome in developer mode the URL is getting through

    I already restrict service to https only

    and traffic is hitting that firewall rule

    thx

    David

  • Hi.

    thank you for the update. Please post the bottom half of that rule.
    ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

Reply Children
No Data