UTM: Allow YouTube while blocking Multimedia content of other

sites. (SW10612)
Return

Title

UTM: Allow YouTube while blocking Multimedia content of

other sites.
Resolution

ArticleAppliesTo:
Gen6SME10000series:NSAE10800,NSAE10400,NSAE10200,NSA
E10100
Gen6SM9000series:NSA9600,NSA9400,NSA9200
Gen6NSAseries:NSA6600,NSA5600,NSA4600,NSA3600
Gen5NSAEClassseries:NSAE8510,E8500,NSAE7500,NSAE6500,
NSAE5500
Gen5NSAseries:NSA5000,NSA4500,NSA3500,NSA2400,NSA2400
MX,NSA240,NSA220,NSA220/W.NSA250M,NSA250M/W.
Gen5TZSeries:TZ210,TZ210W,TZ215,TZ215W.TZ105,TZ105W,
TZ205,TZ205W
Firmware/SoftwareVersion:SonicOS5.8.0andabove
Services:AppRules,AppControlAdvanced

Feature/Application:
ThisKBarticledescribeshowtoallowYouTubestreamingcontentwhileblocking
multimediacontentofothersites.ThemethoddescribedhereusesAppRules
policieswithAppControlAdvancedsignatures.
Note:ThesolutiondescribedhereisforHTTPtraffic.Thisarticledoesnotclaim
toblockHTTPStraffic.ForthissolutiontoworkoverHTTPSrequiresClientDPI
SSL.

Procedure:
1.

LogintotheSonicWALL
managementGUI.

2.

Navigateto
theFirewall>Match
Objectspage.

3.

ClickonAddNewMatch
ObjecttoopentheAdd/Edit
MatchObjectwindow.

4.

EnteranameforthisMatch

4.

EnteranameforthisMatch
Object.Forexample,YouTube
Signatures

5.

UnderMatchObjectType,
selectApplicationList.

6.

UnderApplicationCategory,
selectMULTIMEDIA

7.

UnderApplication,
selectMULTIMEDIAYouTube

8.

ClickontheAddbuttononthe
righttoaddthisapplicationto
theListbox.

9.

Click To See Full Image.

ClickonOKtosave.

Now we create another match object, this time for multimedia

content.

1.

ClickonAddNewMatch
ObjecttoopentheAdd/Edit
MatchObjectwindow.

2.

EnteranameforthisMatch
Object.For
example,Multimedia
Signatures

3.

UnderMatchObjectType,
selectApplicationCategory
List.

4.

UnderApplication
Categories,
selectMULTIMEDIA

5.

ClickontheAddbuttononthe
righttoaddthisapplicationto
theListbox.

6.

ClickonOKtosave

Click To See Full Image.

We have created two match objects and are now ready to

We have created two match objects and are now ready to

create two App Rule policies referencing each of the above
match objects. In order for this to work, the policies must be
created in the exact order described here. This is due to the
way App Rule policies are prioritized which is, the first policy
created has a higher priority than (and therefore above) the
subsequent policies. For our particular purpose, we first create
the policy to allow YouTube and then the policy to block
multimedia content of other sites.

1. Navigate to the Firewall >App

Rulespage.
2. Enable check boxEnable App
Rules
3. Click onAdd New Policyto open
theEdit App Control
Policywindow.
4. Enter a name for this policy. For
example,Allow YouTube.
5. UnderPolicy Type, selectApp
Control Content.
6. SetAddresstoAny. (Note: This
field is for including IP
addresses, inside or outside)
7. SetExclusion AddresstoNone.
8. UnderMatch Objectselect the
match object created earlier
YouTube Signatures
9. UnderAction
ObjectselectBypass DPI.
10. UnderUsers/Groups>Included,
select a user group to be
included under this policy.
11. UnderUsers/Groups>Excluded,
select a user group to be
excluded from this policy.
12. The remaining setting could be
left as it is.

Click To See Full

Image.

13. Click onOKto save.

We create now a policy to block multimedia content.
1. Click onAdd New Policyto open
theEdit App Control

theEdit App Control

Policywindow.
2. Enter a name for this policy. For
example,Block Multimedia.
3. UnderPolicy Type, selectApp
Control Content.
4. SetAddresstoAny. (Note: This
field is for including IP
addresses, inside or outside)
5. SetExclusion AddresstoNone.
6. UnderMatch Objectselect the
match object created earlier
Multimedia Signatures
7. Under Action Object
selectReset/Drop.
8. UnderUsers/Groups>Included,
select a user group to be
included under this policy.
9. UnderUsers/Groups>Excluded,
select a user group to be
excluded from this policy.
10. The remaining setting could be
left as it is.
11. Click onOKto save.

Click To See Full

Image.

Testing
From a host behind the SonicWALL, access YouTube and play a
video. If you have configured the policies as recommended
above, the video will play. Here is a screenshot of the log
message generated when one of the App Rule policy is
triggered. To know whether theAllow YouTubepolicy is being
triggered, hover the mouse over the details icon of the log
message.

Click To See Full Image.

Once you have ascertained that the correct policy is being

applied for YouTube traffic, access another streaming website
and play multimedia content. If all is well, the second policy
will be applied and the content will be blocked. Shown here is
a screenshot of the log message generated
whenVimeo.comwas accessed. By hovering the mouse over the
details icon of the log message we know the policy applied was
"af_policy=Block Multimedia".

Click To See Full Image.

Key Words

10612