blocking Youtube completely

Meraki_user1
Conversationalist

blocking Youtube completely

I am trying to block YouTube on all platform (PC, IOS and Android) in our network.  I created ab with the following block URL Patterns:

 

 

Youtube.com
www.youtube.com
googlevideo.com
gvt1.com
r3---sn-ni5f-t8gz.gvt1.com
r2---sn-ni5f-t8gs.gvt1.com
ytimg.com
r3---sn-ni5f-t8gs.gvt1.com
s.youtube.com
ytimg.l.google.com

 

Any browser base in all platform was successfully blocked, however app on both IOS and Android continue to work.  On occasion, the preview of video will not show up, but streaming still persists once the user selects any videos.  Packet capturing showing block on the list of URL above but the app continues to work.  

 

Has anyone successfully block youtube?

 

thank you

 

Nelson M

11 REPLIES 11
jdsilva
Kind of a big deal

I would try using the L7 Firewall rules to do this.

 

image.png

I have the same problem and layer 7 FW rules don't block mobile apps. I still haven't found the solution to this problem.

gogy70
Conversationalist

 

Simply, just create Layer 3 firewall rule into group policy You use for mobile devices and deny UDP:

 

#policy    #protocol      #destination        #port

Deny        UDP            youtube.com          80

Deny        UDP            youtube.com        443  

 

Mobile application use UDP protocol instead of TCP

 

Goran

This is the correct answer, a lot of apps use the new-ish QUIC protocol which uses UDP ports 80 and 443 which does not get picked up by the content filtering rules. 

 

Once you have configured the recommended rules the QUIC traffic will get blocked by the Firewall, the app will then fall back to using traditional TLS/SSL which will be blocked by the content filtering rules.

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClarCAC#:~:text=Palo%20Alt...

 

 

I have tried this option, but users are still able to access Youtube on Mobile Phones. Is there something am missing?

Patumusiime_0-1691045957685.png

 

Try to change in protocol Any instead of only UDP...

I just did that and it still doesn't work. 😔

First try to block 

1. youtube.com

2. youtu.be
3. googlevideo.com
4. googleadservices.com

 

 

If this not working, check how is policy applied? its on specific vlan? what is target ?  Best solution is to block Youtube first on Content Filtering->Category Blocking , also URL Filtering below -> Blocked Url list

 

youtube.com
googlevideo.com
googleadservices.com

 

Then make more policy into Group Policy  to allow this cointent  in Allow list URL patterns (Override) for youtu.be; youtube.com; googlevideo.com

I maybe need more contents to solve this...

Great, it has worked like a charm now. I added (youtu.be,googlevideo.com and googleadservices.com) to the list as you've suggested.

JHLoi
Conversationalist

I have exactly the same issue but still cannot get it to work following the steps mentioned. YouTube is still enabled in android devices. Could you please post your complete config for this setup?

Patumusiime_0-1693397258380.pngPatumusiime_1-1693397282168.png

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels