Tags:


Notable Replies

  1. Hi Sandra,

    I’m not sure but there might be a limit on the number of URLs. If you have many websites to block like facebook or youtube you might want to lookup their IP address ranges and block those instead.

    Rene

  2. Unfortunately, can’t block https (youtube, mail.ru, etc)
    Instead create access-list and deny all ip for approxx 30 addresses for youtube.
    Is another way to block youtube for example?

  3. Hi Vitaly,

    HTTPS won’t work since NBAR can’t look into the packets. I don’t think Youtube publishes a list of all IP addresses that they use, maybe you can lookup their AS number, find the IP addresses and block those:

    https://www.ultratools.com/tools/asnInfo

    If you enter “Youtube” you can see that they use AS36561 and AS43515. You can lookup those IP addresses and block those.

    Perhaps a better method would be to fix this using DNS. Use your DNS server so resolves youtube.com to a custom webpage and configure your firewall so users can’t use another DNS server.

    Rene

  4. Hi Rene,
    In order for NBAR to work, it should have been enabled previously on the router, right?
    Cisco1841(config)#int vlan 1 Cisco1841(config-if)#ip nbar protocol-discovery
    Thank you!

  5. Hello Adrian

    Yes, that is correct.

    I hope this has been helpful!

    Laz

Continue the discussion forum.networklessons.com

4 more replies!

Participants