Google apps bypasses Sonicwall youtube restriction

'putertutor

'putertutor

Well-Known Member
Reaction score
75
Location
Montana
Running a small computer lab (classroom) and I am having an issue with a sonicwall content filter. (TX350; SonicOS Enhanced 6.5.4.7-83n) with Server 2019.

Youtube is blocked in cfs, which works fine for Users in group A, who have no access to google or any of their services. Users in group B, however, that's a different story.

A Group B user is initially blocked when they type the url into the address bar. However, if they use the youtube link from their google apps list, that bypasses the content filter. Oddly, from that point on, youtube is not blocked by any means. From the moment they click the app, from then on they can type in the url and my content filter is bypassed.

This is also computer specific. If they log into a different machine, typing the url initially results in a block, but after clicking the link, they can bypass the content filtering from then on on that second computer.

youtube.com, youtube.* have been blacklisted. I have also blocked Multimedia in the cfs profile for Group B.
 
DNS based filters along with a bypassed DNS infrastructure up against a Google owned CDN that's intentionally unified to prevent any and all content controls

Looks to me like the Sonicwall is working exactly as intended.

Google has controls for educational institutions that are special, if you want to control it... I suggest you look there.
 
Right, so outside of blocking all google services, is there a workaround?

We have recently completed our accreditation and will be implementing googles education workspace, but that is 4-6 weeks away. Until then, I'm hoping for a solution, temporary as it may be.
 
Nope, because all things Google are exactly that... and once SSL gets involved it's an incomprehensible, unfilterable mess. You either use SNI to block the entire domain, or you do nothing.

One of Google's stated mission objectives in life is to fight censorship... Content control is censorship, they do not make it easy, and they do it on purpose.
 
QUIC..yeah, Google Chrome sorta has its own protocol, Google gets to play by different rules.
Seems Rob found the Sonicwall way to manage it, Untangle has a similar setting for QUIC

SSL Inspector FAQs - UntangleWiki

wiki.untangle.com wiki.untangle.com

Getting frustrating to manage that..esp for schools....how to manage YouTube 'n other Google things...not to mention the insane cat and mouse game of proxies/VPN that the kiddos use.
 
You must log in or register to reply here.

Similar threads

GTP
Opening Youtube links in a specific program.
Replies
15
Views
669
GTP
GTP
thecomputerguy
Unique setup ... weird audio recording issue ... pictures included.
Replies
8
Views
305
Diggs
Diggs
callthatgirl
How to Import Contacts into New Outlook
Replies
0
Views
227
callthatgirl
callthatgirl
britechguy
Which Outlook has touched your Google Account, and when, makes a difference in what Microsoft apps & services can access
Replies
3
Views
547
John Kennedy
John Kennedy
HCHTech
Interpreting "Risky Users" in Microsoft Entra admin center
2
Replies
31
Views
3K
britechguy
britechguy
Back
Top