Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
rm_beginner
New Contributor

how to blocked https://www.youtube.com in FTG 100C

Hi All,  I tested all web filter, profile, etc..etc.. even this script below

config firewall address edit "youtube1" set associated-interface "wan2" set type fqdn set fqdn "www.youtube.com" next edit "youtube2" set associated-interface "wan2" set type fqdn set fqdn "youtube.com" next edit "youtube3" set associated-interface "wan2" set type fqdn set fqdn "i1.ytimg.com" next edit "youtube4" set associated-interface "wan2" set type fqdn set fqdn "youtube-ui.l.google.com" next edit "youtube5" set associated-interface "wan2" set type fqdn set fqdn "googlevideo.com" next config firewall addrgrp edit "youtube-group" set member "youtube1" "youtube2" "youtube3" "youtube4" "youtube5" next end config firewall policy edit 0 set srcintf "switch" set dstintf "wan2" set srcaddr "all" set dstaddr "youtube-group" set schedule "always" set service "ALL" set action deny set logtraffic disable next end still I cannot blocked the "https://www.youtube.com" but the "youtube.com" has been blocked why? the https I cannot blocked? Thank you.

5 REPLIES 5
rm_beginner
New Contributor

in google chrome browser.  Thanks

hmtay_FTNT
Staff
Staff

Hello rm_beginner,

 

The best way to block YouTube is through the Application Control module with the signature "YouTube". However, if you would like to do it through other means like the Web Filter, or via address groups, they would work too if you can identify all the domains.

 

That said, you need to set the Application Control signature "QUIC" to Block. It is a proprietary protocol by Chrome and recently used by mobile applications. It was designed to be a quicker mechanism to transmit data to the Google servers. 

 

Therefore, the best way to block YouTube will be setting "YouTube" and "QUIC" to Block on App Control and applying the sensor to your firewall policy. You also need to enable certificate-inspection. Let me know how things go. Thanks!

 

HoMing

rm_beginner

Thanks Homing it works!!, I block YOUTUBE and the QUIC in my application control -> application sensor and and apply to policy under UTM, put check to Enable Application Control. Now my problem is how to allow certain Computers to my NETWORK to watch Youtube? Please advise. Thanks again.

rm_beginner
New Contributor

Hi @Zhunissov4 I am not using FSSO local network only let say I will allow only my PC.  Sorry I am new in this FTG thanks a lot

rm_beginner
New Contributor

I cannot enable my DHCP my DHCP was controlled by our DC Server. 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors