Use Case: Block Youtube category but allow some specific youtube video ID(full path url)

Question

Hi All,I am exploring the way to block all youtube but allow some specific youtube video id.&nbsp;The full path url is configured in Application Control policy with action allow and the youtube category is block in Internet Firewall policy. It is not working because application control only take effect with the traffic is allowed in Internet Firewall policy.FYI, full path url is not configureable in Internet Firewall policy.Appreciate if anyone from community can give some ideas.Thanks.

bizzle90 · Answer

Hi Soon,Thank you for your comment and query in the Cato Community channel!So as you have stated correctly, you cannot use Application Control Policy with a block INET FW rule, this is because the traffic needs to be allowed before we can process the traffic further within the Cato stack.Also at this time (I have also attempted to lab this myself to confirm), you cannot use a Full Path URL in the INET FW stack, as I was attempting to create an exception rule and add the Full Path URL which was not accepted.I would politely suggest in this use case is to create an RFE and raise it with your respective Cato customer service representative.&nbsp;Or raise a support ticket (if not already done so), and request an RFE for Full Path URL to be added into INET FW stack.&nbsp;

bizzle90 · Answer

Hey Soon,Just to further add, please see this KB which providers some understanding of the Cato SPACE architecture:https://support.catonetworks.com/hc/en-us/articles/12545093882909-Understanding-Packet-Flow-with-Cato-SPACE-Architecture

yaakov_simon · Answer

Soon,The Application Control policy (CASB), is a licensed service that provides the type of granular control that you are looking for, this granular control is not supported by the Int FW policy.You can create an Application Control rule that allows the Full Path URL for the specific videos, and then the rule after which blocks the YouTube app.Thanks!Yaakov Simon

robin_johns · Answer

If you're going to leverage the Application Control Policy to do this; you could additionally create a value set of all allowed URL paths and use this in a single rule. It would reduce the administrative headache in the future, and put all 'allowed youtube videos' in a single place for you to monitor

michaelsaw · Answer

Hi Soon,&nbsp;Did you manage to give a go with the required configurations on CASB?Cheers!

Forum Discussion

Use Case: Block Youtube category but allow some specific youtube video ID(full path url)

Recent Discussions