Blocking Amazon Prime Video application on portable devices

StephQ · ‎08-21-2020

Hi,

I'm trying to block Amazon Prime video (video streaming service) on my network.

The Amazon.video filter works great for pc, it do what it should for PC, but if I have the application "Prime video" installed (on my apple or android device) it doesn't get blocked.

Log show Amazon.video being blocked, but then the device connect to other services and websites (like akamai & amazonaws) and can stream video anyway.

Using webfilter I can block individual streaming sources ... like "a213avodhlss3ww-a.akamaihd.net" but it I have no idea wich ones are used only by prime video. And as you know they can use many more streaming sources.

Anyone was ever able to fully block acces to Amazon Prime video?

On the .jpg included you see amazon.video being blocked, but the video start anyway using Amazon.Services then akamaitechnologies.com

we can't block Amazon.Services, or the entire amazon web site

The disney+ app filter works great on pc, and apple/android devices, but prime video is a pain!

thank's

Dave_Hall · ‎08-24-2020

The only info that I could find about the Amazon Video service is that it uses standard ports 80/443. (No mention about the service using the QUIC protocol though.) If the fgt is using full SSL inspection then you may have better luck wildcard blocking the url "www.amazon.com/Amazon-Video/*".

Amazon seems to be using the same security certificate for most/all of it's domain/services, so the SAN is something like 17-20 domain names. If your fgt is setup for certificate inspection, then you may need to find other means to block the amazon video service. That said, I would suggest drilling down to the individual sessions on a mobile device to see how it is accessing the Amazon Prime video (video streaming service).

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C