Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Phillyidol
New Contributor

Created on ‎08-27-2014 08:48 AM

HTTPS Block - ONLY YouTube

Okay - forgive me if this has been asked and answered, as I have some fair experience with firewalls, but a newbie with FortiGuard, so looking for some ' step-by-step' instructions that cover a larger range of these units, as we have one 80C, and one 100D, both with v5.0 FW. Issue is we put together a rule to block youtube, but no matter what settings we try (including the SSL Inspection settings, which BTW look like they are ONLY for a Proxy setup with a Web Filter), we can' t seem to block youtube with an https in the URL. As mentioned, if anyone has the FULL steps/settings to get this to work, it' d be greatly appreciated. Again, apologies if this was answered, but I looked and only found references of steps and looking for all steps, although, I just may have missed the post. Thanks
Philly Idol
Philly Idol
12367
0 Kudos
12 REPLIES 12
amitkor
New Contributor

Created on ‎10-02-2014 10:05 AM

Ive tried this with version 5.2.1 It blocked all social networks. Other ways i have tried did not block the youtube link from google.com. Does anyone of a way to block only youtube?
1304
0 Kudos
TuncayBAS
Contributor II

Created on ‎10-08-2014 06:52 AM

With IPS signatures via DNS requests can block YouTube. Would you please test the following IPS signature? 
 F-SBID(--name " Youtube.Block" ; --protocol tcp; --dst_port 443; --flow from_client;  --dst_addr ([173.194.55.0/24,206.111.0.0/16,74.125.232.1/32,74.125.232.8/32,74.125.232.7/32,74.125.232.65/32,208.117.254.192/26];)
 
 F-SBID(--name " Youtube.DNS-Block" ; --protocol udp; --service DNS; --flow from_client; --byte_test 1,<,128,2; --pattern " youtube" ; --context host; --no_case;)
Tuncay BAS
RZK Muhendislik Turkey
FCA,FCP,FCF,FCSS
Tuncay BASRZK Muhendislik TurkeyFCA,FCP,FCF,FCSS
1304
0 Kudos
Dave_Hall
Honored Contributor

Created on ‎10-08-2014 10:15 AM

I' m kinda wary about playing around with various google subnet blocks -- grabbing various lists I found on the Internet, in my initial testing, I have accidentally locked my test network out of google.com' main search page (or local version). Though the second signature looks nice and was something I was going to try myself, using bits of info found on this site.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
1304
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.