Hot!Block youtube and FB

Author
Anne
Silver Member
  • Total Posts : 104
  • Scores: 0
  • Reward points: 0
  • Joined: 2013/04/16 13:25:44
  • Status: offline
2014/01/27 19:07:20 (permalink)
0

Block youtube and FB

Hi All,

I used Application Control to block access to FB and YT. It worked fine but here are the results:

Tested on Chrome.

www.facebook.com = No Data Recieved
https://facebook.com = SSL connection error
www.youtube.com = App currently unreachable

Firefox:
www.facebook.com = Connection was reset
https://facebook.com = Connection interrupted
www.youtube.com = Connection was reset

All tests experiences were like long page loading delays with an eventual failure.
The error messages are a bit strange also - I would have expected a firewall blocking error?? Is there a way these messages can be changed.

Thanks
Anne
#1

8 Replies Related Threads

    AtiT
    Platinum Member
    • Total Posts : 469
    • Scores: 42
    • Reward points: 0
    • Joined: 2012/04/18 12:13:27
    • Location: Prague / Czech Republic
    • Status: offline
    RE: Block youtube and FB 2014/01/28 02:45:43 (permalink)
    0
    Hi Anne,

    Maybe I' m wrong but the application control will not inform the user whether something has been blocked or not. It will just block it. How the browser will interpret the blocked traffic it can be different.

    I think better is to use the Webfilter (URL filter) for blocking. Application control to use block only some parts for example Facebook.Chat etc...
    < Message edited by AtiT -- 1/28/2014 11:46:28 AM >

    AtiT
    --------------------
    NSE 8, CCNP R+S
    #2
    billp
    Expert Member
    • Total Posts : 846
    • Scores: 51
    • Reward points: 0
    • Joined: 2009/05/20 23:44:05
    • Location: Pacific Northwest
    • Status: offline
    RE: Block youtube and FB 2014/01/28 08:56:39 (permalink)
    0
    That' s correct. Application blocking will not give an error. It will just stop the session from completing.

    If you use FortiOS 5.0.x, there is something called a Fortinet Top Bar available in Proxy Options. It will overlay a small window over your browser to let you know that an application was blocked. It also gives login information and other status messages.

    I haven' t used this feature, so I don' t know how reliable it is. It might be worth investigating.

    Blocking the domain in the web filter will also give you a proper error message. However, domain blocking is not as reliable as application blocking.

    It' s not reliable for blocking the HTTPS versions of websites if you don' t have SSL deep-packet inspection enabled. This is especially true for Google-based sites that use a similar *.google.com SSL certificate for almost all their websites.

    For Facebook, I found it was more reliable to block via Application Control.

    I don' t block Youtube, so not sure how well App Control works for that. It might be easier to create a School ID for Youtube and force all Youtube traffic to educational videos. That effectively ruins it as an entertainment source.



    Bill

    ==========
    Fortigate 600C 5.0.12, 111C 5.0.2
    Logstash 1.4.1
    #3
    Bromont_FTNT
    Platinum Member
    • Total Posts : 566
    • Scores: 43
    • Reward points: 0
    • Joined: 2012/11/19 07:22:36
    • Status: offline
    RE: Block youtube and FB 2014/01/28 09:26:09 (permalink)
    0

    Also even if using webfilter with certificate/SNI to block HTTPS sites you' ll still get browser warnings as currently the blocked page uses the Fortigate certificate
    #4
    Aliasgar
    New Member
    • Total Posts : 12
    • Scores: 0
    • Reward points: 0
    • Joined: 2014/02/02 22:46:30
    • Status: offline
    RE: Block youtube and FB 2014/02/02 22:56:42 (permalink)
    0
    Hello all,
    i am facing same issue, after applying SSL inspection ON,

    i already import Root authorities certificate to IE, downloaded from Fortigate,

    still when i open any HTTPS web site gives me error,

    Please assist me.

    Thank you

    ASJ
    #5
    Bromont_FTNT
    Platinum Member
    • Total Posts : 566
    • Scores: 43
    • Reward points: 0
    • Joined: 2012/11/19 07:22:36
    • Status: offline
    RE: Block youtube and FB 2014/02/03 05:08:51 (permalink)
    0

    If using Firefox the certificate needs to be imported into Firefox as well.
    #6
    Dipen
    Gold Member
    • Total Posts : 305
    • Scores: 4
    • Reward points: 0
    • Joined: 2013/06/17 07:24:49
    • Location: Muscat; Oman
    • Status: offline
    RE: Block youtube and FB 2014/02/12 04:19:31 (permalink)
    0
    Application Control is more reliable method to block but as said by other participants Application Control dosent give any Block Page like Web Filter.
    Blocking of HTTPS websites has been a looong issue with Fortigate...Not enabled till HTTPS Deep Packet inspection is enabled.
    Even after putting all Certificates etc in place the Deep Packet inspection renders many Web pages lifeless.

    Ahead of the Threat.
    FCNSA v5 / FCNSP v5
    Fortigate 1000C / 1000D / 1500D
     
    #7
    TuncayBAS
    Gold Member
    • Total Posts : 211
    • Scores: 16
    • Reward points: 0
    • Joined: 2005/07/01 03:17:46
    • Location: Ankara / Turkey
    • Status: offline
    RE: Block youtube and FB 2014/03/11 00:47:12 (permalink)

    Tuncay BAS
    RZK Muhendislik Turkey
    NSE 4 5 6
    FCESP v5
    #8
    shah_nawaj
    New Member
    • Total Posts : 2
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/11/09 23:36:59
    • Status: offline
    Re: Block youtube and FB 2019/11/09 23:50:17 (permalink)
    0
    Hi,
     
    Good day!!!
     
    I want to keep running Facebook in my network, but i block the video over Facebook, is there any way to do it.
     
    Thanks & Regards,
    Shah
    #9
    Jump to:
    © 2019 APG vNext Commercial Version 5.5