- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
-
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
-
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
How to block YouTube.com using CFS 3.0 (SonicOS 5.8.0 and above)
03/26/2020 
1,003 People found this article helpful
104,040 Views
Description
How to block YouTube.com using CFS 3.0 (SonicOS 5.8.0 and above)
Resolution
Feature/Application:
This KB article describes how to block youtube.com (HTTP and HTTPS) using SonicWall Content Filtering Service (CFS) 3.0. SonicWall CFS 3.0, which was introduced in SonicOS 5.8.0.0, uses HTTPS Content Filtering to block HTTPS sites. The CFS 3.0 implementation uses HTTPS Content Filtering to look up the host name from the Server Name extension in the SSL Client Hello message, if the browser supports SSL Server Name extension, or the Certificate Common Name (CN) in the Server Hello message.
However, this method will not work if 1) the browser does not support Server Name Extension in the Client Hello message 2) the Common Name (CN) in the Certificate message does not correspond to the host name being accessed. You could work around this problem by blocking those SSL / TLS versions not supporting Server Name extension. Refer this KB article to block SSL versions, UTM: How to Block SSL / TLS versions using Application Control Advanced (5.8 onwards). Alternatively, you could use DPI-SSL.
Procedure:
- Login to the SonicWall management GUI.
- Navigate to the Security Services > Content Filter
- Click on the Configure button under Content Filter Service to open the SonicWall Filter Properties window.
- Enable check box Enable HTTPS Content Filtering
- Add youtube.com under Forbidden Domains in the Custom List tab. Depending on the CFS deployment, the host name can also be entered in policy-based Custom List.
Enabling CFS on zones
- Navigate to Network > Zones
- Click on the configure button under the zone you want to enforce CFS.
- Check the box under Enforce Content Filtering Service.
Testing:
From a host behind the SonicWall try to access youtube.com and you will get the following error in the web-browser:
The following message will be logged in the SonicWall under Log > View
Related Articles
- ‘Error sending one-time password’ encountered when connecting to NetExtender
- Supported SonicWall and 3rd party SFP and SFP+ modules that can be used with SonicWall NSsp series
- Supported SonicWall and 3rd party SFP and SFP+ modules that can be used with SonicWall NSA series
Categories
- Firewalls > TZ Series
- Firewalls > SonicWall SuperMassive E10000 Series
- Firewalls > SonicWall SuperMassive 9000 Series
- Firewalls > SonicWall NSA Series
YES
NO