Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2017
Views
0
Helpful
2
Replies

Ironport S160 not blocking netflix on Apple devices only

Steve Coady
Level 1
Level 1

‎10-03-2011 09:14 AM

Hello

I have created a custom URL filter, however not all of the Netflix feeds are blocked. This only seems to be happenig on Apple products

Ironport infor:

Product: IronPort S160 Web Security Appliance

  Model Number: S160

  Version: 7.1.2-080

  Serial Number: 00219BFB0375-D6BZJH1

  Number of CPUs: 1

  Memory (GB): 4

  Current Time: Mon Oct  3 11:05:53 2011

  Feature "L4 Traffic Monitor": Quantity = 1, Time Remaining = "Perpetual"

  Feature "HTTPS": Quantity = 1, Time Remaining = "Perpetual"

  Feature "URL Filtering": Quantity = 750, Time Remaining = "471 days"

  Feature "Web Proxy & DVS Engine": Quantity = 1, Time Remaining = "Perpetual"

Please advise

thanks

sMc
Labels:
0 Helpful
2 Replies 2

Ken Stieers
VIP
VIP

‎10-03-2011 10:25 AM

Steve,

My guess is that the Apple products aren't being forced to authenticate, and unauthenticated users are allowed out...

I'd set your "Global Policy" to block Netflix (Web Security Manager>Access Policies... the bottom one).  If you need some people to be able to hit netflix, you can set that in a policy ABOVE the global policy (WSA policies work top down, left to right...)

SSH to the box, run grep, use the ip of an Apple box as the search and tail the log.  Then have the Apple box hit Netflix.  You'll see what the WSA thinks is going on...

Ken

0 Helpful

charpentierr
Level 1
Level 1

‎10-12-2011 02:10 PM

The best thing to do in this case is to create a new Identity for Apple users only. That way you can segragate what traffic is allowed where. To do this, use the below instructions.

1- Create a new Identity and name it Macintosh

     a- Set the "Define Members by Protocol" to "All"

     b- Set "Define Members by Authentication" to "No Authentication"

     c- Select the "Advanced" hyperlink to open the "Advanced" options and click on "User Agents"

          i- Enter each User Agent that I have listed so that Ironport can identify Apple devices and apply this Identity

               macintosh, Macintosh, iPhone, iPad, iPod, iTunes, MacBook

          ii- Set "Match User Agents" to "Match the selected user agent definitions

          iii- Select the "Done" button

     d- Select the "Submit" button

2- Create a new Access Policy and name it Macintosh

     e- Set the "Identities and Users" feild to "Select One or More Identities" and than select the "Macintosh" Identity that you just created

     f- Select the "Submit" button

3- Create a "Custom URL Category" and name it Macintosh

     g- Add the URL's that you wish to be blocked in the URL field

          iv- Be sure to include a "." before the url

               - Use this example as a reference - .yoururlhere.com

               - The "." acts as a .* in this case saying that include anything before

     h- Select the "Submit" button

4- Go back to Access Policies and click on the "URL Filtering" hyperlink for the Macintosh Access Policy

     i- Select the "Select Custom Categories" button

     j- From the drop down for the Macintosh Custom URL Category, select the "Include" option

     k- Select teh "Apply" button

     l- Put a checkmark in the "Block" box that corresponds with the Category that you just added.

     m- Select the "Submit" button

5- Click the "Commit" Changes button to make the new policies active

Let me know if you have any questions.

0 Helpful
Customers Also Viewed These Support Documents