Block YouTube App

Started by Tomsauy, November 13, 2020, 11:49:56 PM

Hi,

We are working on it and tomorrow will publish a new DB. Thanks for your understanding and patience.

Hi all,

The new DB was shipped. It updates automatically every hour and you can do it manually from the Status page.

So bad.... the result is the same
I don't understand why...

While I see some Youtube again now (1.19G), there are still 2.91G QUIC "unaccounted for" over the last 24h. That's from my son's iPad, and all he does ATM is watch Youtube.
QUIC hosts drill down to 74.125.104.75 (Google) and 92.224.0.0/13 (Telefonica).
Telefonica is now owned by O2, which is the DSL provider used for the iPad's traffic. So either they have setup google caching infrastructure at the ISP, or, more likely, there is some peer to peer for Youtube going on now, because the net's description is:
descr:          ADSL Pool Customers
and one of the IPs reverse resolves as:
dynamic-092-226-002-016.92.226.pool.telefonica.de
which usually is a dynamic PPPoE IP here.

Quote from: Tomsauy on November 28, 2020, 11:14:45 PM
So bad.... the result is the same
I don't understand why...
Can you post all your recent version info from the DB ...?

Quote from: athurdent on November 29, 2020, 08:18:57 AM
While I see some Youtube again now (1.19G), there are still 2.91G QUIC "unaccounted for" over the last 24h. That's from my son's iPad, and all he does ATM is watch Youtube.
QUIC hosts drill down to 74.125.104.75 (Google) and 92.224.0.0/13 (Telefonica).
Telefonica is now owned by O2, which is the DSL provider used for the iPad's traffic. So either they have setup google caching infrastructure at the ISP, or, more likely, there is some peer to peer for Youtube going on now, because the net's description is:
descr:          ADSL Pool Customers
and one of the IPs reverse resolves as:
dynamic-092-226-002-016.92.226.pool.telefonica.de
which usually is a dynamic PPPoE IP here.
Yes, made the same observation - with Vodafone as Internet access provider when QUIC comes into place...

Quote from: athurdent on November 29, 2020, 08:18:57 AM

QUIC hosts drill down to 74.125.104.75 (Google) and 92.224.0.0/13 (Telefonica).

This sounds like Sensei app detection only operates on layer 3/4 detection. This is not enough for the real app detection and control used in next-generation firewalls, as it must operate in upper layers 5 up to 7. You must examine up to layer 7 to fully catch things like YouTube video streams.

Quote from: ittk on November 29, 2020, 09:09:59 AM
Quote from: Tomsauy on November 28, 2020, 11:14:45 PM
So bad.... the result is the same
I don't understand why...
Can you post all your recent version info from the DB ...?

Here is a screenshot of my installed DB version

Hi,

I would like to check your system. We tested different Android devices and YouTube is totally blocked with App policy. Please contact us via Bug report in the Sensei GUI and let's check on your system.

November 30, 2020, 06:56:15 PM #24 Last Edit: December 01, 2020, 12:50:22 AM by Tomsauy
I already have a ticket opened via report GUI, how do you want to check my system?

Quote from: ittk on November 29, 2020, 09:28:11 AM
Quote from: athurdent on November 29, 2020, 08:18:57 AM

QUIC hosts drill down to 74.125.104.75 (Google) and 92.224.0.0/13 (Telefonica).

This sounds like Sensei app detection only operates on layer 3/4 detection. This is not enough for the real app detection and control used in next-generation firewalls, as it must operate in upper layers 5 up to 7. You must examine up to layer 7 to fully catch things like YouTube video streams.
In fact they always say it is layer 3/4. We do not do SSL decryption either. It's only SNI checking.

December 01, 2020, 04:53:38 PM #26 Last Edit: December 01, 2020, 04:57:12 PM by ittk
Quote from: Anael on December 01, 2020, 03:57:10 PM
Quote from: ittk on November 29, 2020, 09:28:11 AM
Quote from: athurdent on November 29, 2020, 08:18:57 AM

QUIC hosts drill down to 74.125.104.75 (Google) and 92.224.0.0/13 (Telefonica).

This sounds like Sensei app detection only operates on layer 3/4 detection. This is not enough for the real app detection and control used in next-generation firewalls, as it must operate in upper layers 5 up to 7. You must examine up to layer 7 to fully catch things like YouTube video streams.
In fact they always say it is layer 3/4. We do not do SSL decryption either. It's only SNI checking.
As you come from Fortinet you know it all. And yes, but this level (3, max layer 4) is not enough these days. So TLS up to v1.3 interception is required for the upper-layer real app detection and also the more advanced malware scanning of network traffic, which is also totally lacking? Btw.: I don't see any real malware scan engine integration yet? Is it to come soon?

And please, don't get it wrong, it's just all the good advice to further improve sensei ;)

@Tomsauy: I also had the strange issue that the YouTube app is not blocked while within the live session view it was shown as blocked. I have fully reset the Sensei plugin to default, just enabled web control on the highest level, and searched in app control (everything with YouTube in it, and also added QUIC). So far it seems to work, but currently I am not too convinced it will stay so, as I have done this step already for the second time. And why can't the app DB really be updated with auto-update and install? Have not seen the feature yet.

Hi,

The inspection feature is in the works. Most probably early 2021.

The ApplicationDB update feature is active, but the latest DB config had an error and it was fixed. So now Sensei updates the DB automatically.

Hi

After resetting all settings of Sensei, updating the DB and activating YouTube in app blocking, Google search and also Gmail are blocked......
I think there is big trouble with the last DB