NOTE: Before configuring your SonicWALL security appliance for YouTube for Schools, you must first sign up: www.youtube.com/schools.
|
NOTE: Before configuring your SonicWALL security appliance for YouTube for Schools, you must first sign up: www.youtube.com/schools.
|
The configuration of YouTube for Schools depends on the method of Content Filtering you are using, which is configured on the Security Services > Content Filter page.
When you select Via Application Control from the CFS Policy Assignment menu, on the Security Services > Content Filter page, YouTube for Schools Content Filtering is configured as an App Control policy.
YouTube for Schools Content Filtering is configured in two parts:
You first create a match object or multiple match objects. Then, you apply them in the App Rule.
|
•
|
|
1
|
|
2
|
|
3
|
Select the Do not bypass CFS blocking for the Administrator checkbox.
|
|
4
|
Click the Accept button at the top of the page.
|
|
1
|
|
2
|
|
3
|
In the Object Name field, type a descriptive name. The minimum length is 1 character, the maximum is 96 characters.
|
|
4
|
From the Match Type drop-down menu, select Partial Match. A partial match matches the specified pattern to any portion of a given content. For example, given the content “SonicWALL is the leader in Unified Threat Management,” the pattern Sonic results in a match.
|
5
|
|
6
|
|
7
|
Click Add.
|
|
8
|
|
9
|
Click Add.
|
|
10
|
Click OK to create the Match Object.
|
|
1
|
|
2
|
|
3
|
In the Policy Name field, type a descriptive name for this policy, such as CFS YouTube. The minimum length is 0 characters and the maximum is 96.
|
|
4
|
|
5
|
From the Address drop-down menu, select the address group to which this policy applies. The default is Any.
|
|
6
|
From the Exclusion Address drop-down menu, select the address group to exclude from this policy. Excluded objects are not affected by the policy. The default is None.
|
|
7
|
From the Match Object drop-down menu, select the object you want to match. The default is Forbidden Content.
|
|
8
|
From the Action Object drop-down menu, select the action you want this policy to perform.In this case select CFS Block Page.
|
|
9
|
From the Users/Groups Included drop-down menu, select the user or user group to which this policy applies. The default is All.
|
|
10
|
From the Users/Groups Excluded drop-down menu, select the user or user group to exclude from this policy. Excluded objects are not affected by the policy. The default is All.
|
|
11
|
|
12
|
If you want to use flow reporting, select the Enable Flow Reporting option.
|
|
13
|
If you want to use logging, select the Enable Logging option. This option is selected by default.
|
|
14
|
If you want to use the CFS format for logging messages, select the Log using CFS message format option. This option is selected by default.
|
|
15
|
If you want to filter redundant log messages, enter the number of seconds for the filter interval in the Log Redundancy Filter (seconds) field.
|
To use the global settings for filtering log messages, select the Use Global Settings option (on the same line). The default is 0 seconds.
|
16
|
|
NOTE: For the CFS Allow/Excluded List and the CFS Forbidden/Included List options, you should select the match object you created in Configuring a Match Object for YouTube for Schools Content Filtering . (Our example uses CFS YouTube Filtering.) This match object should be selected to either include or exclude.
|
|
17
|
From the CFS Allow/Excluded List drop-down menu, select the object that you do not want to block with this policy.
|
|
18
|
From the CFS Forbidden/Included List drop-down menu, select the object that you want to block with this policy.
|
|
19
|
If you want to use Safe Search Enforcement for all search engines, select the Enable Safe Search Enforcement option. This setting is disabled by default.
|
|
20
|
To enable YouTube for Schools, select the Enable YouTube for Schools checkbox.
|
|
21
|
|
22
|
Click OK to create the policy.
|
When the CFS Policy Assignment drop-down menu on the Security Services > Content Filter page is set to Via User and Zone Screens, YouTube for Schools is configured as part of the Content Filter policy.
|
1
|
|
2
|
|
3
|
|
4
|
Click the Policy tab.
|
|
5
|
Click the Configure icon for the CFS policy on which you want to enable YouTube for Schools. The Edit CFS Policy dialog displays.
|
|
6
|
Click the Settings tab.
|
|
7
|
Select the Enable YouTube for Schools checkbox.
|
|
9
|
|
10
|
Click the Custom List tab.
|
|
11
|
|
12
|
|
13
|
Click OK.
|
|
14
|
Click Add again.
|
|
15
|
|
16
|
Click OK.
|
|
17
|
Click OK.
|
These settings override any CFS category that blocks YouTube.
When the policy is applied, any existing browser connections are unaffected until the browser is closed and reopened. Also, if you have a browser open as administrator on the firewall, you will be excluded from CFS policy enforcement unless you configure the firewall specifically not to exclude you (select the Do not bypass CFS blocking for the Administrator checkbox on the Security Services > Content Filter page).
The SonicWALL CFS implementation of YouTube for Schools does not support HTTPS access to youtube.com. When youtube.com is accessed over HTTPS, the user will have unrestricted access to YouTube content. The following solutions can be implemented to work around this:
|
•
|
|
•
|
DPI-SSL cannot be used to block https://youtube.com, but only to allow it. So the DPI section above should not be part of the solutions that can be implemented to work around this.
In creating the above rule to block https access to youtube.com or www.youtube.com and s.ytimg.com, we have found that https://www.google.com is now also blocked, as well as https://drive.google.com and https://play.google.com/.
Other Google sites, such as calendar.google.com and gmail, work fine.
Creating FQDNS for the blocked site and creating an allow rule for the group also allows https://youtube.com to be accessed.