
Must block youtube, but not all streaming video.

jnoaubrey asked:
I have a SonicWALL Pro 2040 with the Enhanced O/S.
Note: This generation product does not run the 5.x O/S with the application firewall.

I've been told to block youtube, but not all streaming media. They still want to get news clips from CNN, FOX, among others.

Keyword blocking, i.e. "youtube" in the content filter, does not work. Is there a way to block youtube using address objects/groups in the firewall, or are the youtube servers too widely distributed?
Suggestions?

luc_roy, System Admin

Commented:
The problem is there are a ton of ways around the block.

http://www.wikihow.com/Bypass-Sonicwall-to-Watch-YouTube

Have you considered something like a web filter?

http://www.barracudanetworks.com/ns/products/spyware_overview.php

You can also use a free filter like

http://www.squidguard.org/

Top Expert 2010
Commented:
To implement the blocking you speak of utilizing the firewall, you'd have to know all the IP addresses of the youtube servers.

What I'd do in this case is decide how serious they are about blocking the youtube stuff. If it's really serious, then I'd look at setting up a whitelist, which the Sonicwall content filter does not do well. I employ CCProxy for this function.

If they aren't too serious and don't want to employ a whitelist, then I'd look to see what servers are being accessed by youtube.  The users are obviously trying to get around it.  If you have viewpoint, then you can run some bandwidth reports to see what site is being highly utilized to determine what to block with the content filter.  Or, if you go to Log > Reports, you get a snapshot of which site has the most utilization.  You can't see WHO is doing it but you can at least get an idea of where they go to get to youtube.
Commented:
Go to Firewall->Access rules,
1. Click Add at the bottom of the Access Rules table.
2. In the General tab, select Deny from the Action list.
3. Select "LAN" in from and "WAN" in to zones.
4. Select HTTP from the Service list [or a pre-created custom service if the case be].
5. Leave source as ANY.
6. Select 198.68.70.12 [destination] from the Source list. If not already added, select Create New Network and then add under Add Address Object.
7. Leave the rest of the fields at default and click OK.

There are ways to defeat the block in SonicWALL, though, as previously mentioned.

Author

Commented:
tjdabomb:

What is the 198.68.70.12?

I did a nslookup on youtube and got:
Addresses:  74.125.95.136
          74.125.95.93
          74.125.95.190
          74.125.95.91
Aliases:  www.youtube.com
Top Expert 2010

Commented:
As long as it stays with those IP addresses and the website itself (youtube.com) isn't trying to get to any other servers, then you're fine.
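
The caveat in the comment above, as an added example that is not part of the original thread: a Python check that parses saved nslookup output in the format the author posted and reports which answers the deny rule's address group does not cover. `ADDRESS_GROUP`, `CAPTURE_LATER` and its addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress
import re

# IPs from the nslookup in the thread; ADDRESS_GROUP is a hypothetical name
# for the firewall address group the deny rule points at.
ADDRESS_GROUP = {ipaddress.ip_address(a) for a in
                 ("74.125.95.136", "74.125.95.93", "74.125.95.190", "74.125.95.91")}
# nslookup output as posted in the thread.
CAPTURE_THREAD = """\
Addresses:  74.125.95.136
          74.125.95.93
          74.125.95.190
          74.125.95.91
Aliases:  www.youtube.com
"""
# Constructed later capture: resolver header plus one address not in the group.
CAPTURE_LATER = """\
Server:  resolver.example
Address:  192.0.2.53

Non-authoritative answer:
Addresses:  74.125.95.136
          203.0.113.10
"""
LABEL = re.compile(r"^(\w[\w\- ]*):\s*(.*)$")

def parse_nslookup(text):
    """Return the answer IPs in nslookup output, skipping the resolver's own address."""
    ips, collecting, in_server = set(), False, False
    for line in text.splitlines():
        m = LABEL.match(line)
        if m:
            label, value = m.group(1).lower(), m.group(2)
            collecting = label in ("address", "addresses") and not in_server
            in_server = label == "server"  # the next Address line is the resolver
        elif collecting and line[:1].isspace():
            value = line  # indented continuation of an Addresses list
        else:
            collecting = False  # blank or unrelated line ends the list
        if collecting:
            try:
                ips.add(ipaddress.ip_address(value.strip()))
            except ValueError:
                pass  # not an IP literal; ignore
    return ips

def drift(blocked, captures):
    """Compare the deny-rule address group with everything the lookups returned."""
    seen = set().union(*(parse_nslookup(c) for c in captures))
    return {"unblocked": sorted(map(str, seen - blocked)),
            "not_seen": sorted(map(str, blocked - seen))}
```

Run against lookups saved at different times, a non-empty `unblocked` list means the address group needs updating before the rule matches again.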

Author

Commented:
tjdabomb had it almost correct -
And it caused me to search and find the SonicWALL article: "UTM - How to block facebook using Access Rules" KBID 7517
It shows what he is suggesting with more finesse.

digitap is helpful, but I wanted a SonicWALL-only solution, not something else like CCProxy.
Top Expert 2010

Commented:
No problem.  Thanks for posting the KBID and thanks for the points!

Commented:
Sorry, the 198.x.x.x was just an example to be overwritten by the correct youtube IP.

Sorry for my lack of finesse, I missed that day at school.   ;)
Top Expert 2010

Commented:
@tjdabomb: ...but you're making up for it on EE, right?