Security

Reply
New Contributor
Posts: 4
Registered: ‎02-21-2014

Allowing YouTube iOS app thru Guest WLAN

[ Edited ]

My Captive portal and Guest WLAN access for web and email are working fine without any issues, but I can not figure out the required firewall ACL to allow YouTube iOS app on Guest WLAN.

 

With a simple Google search, I find many hits on transparent proxy setup that is required for the app.  Can anyone help me on this implementation on my 650 controller?  I am currently running 6.3.1.2 release.

 

Sample google search on "ios youtube app firewall".

https://productforums.google.com/forum/#!topic/youtube/4vyNLc41d34

 

Guru Elite
Posts: 8,202
Registered: ‎09-08-2010

Re: Allowing YouTube iOS app thru Guest WLAN

[ Edited ]

The issue with media sites these days are that they use content delivery networks which use different dns names and IPs which are regionally distributed. This makes using a traditional netdestination with DNS name (*.youtube.com) not possible. The YouTube page will load, but the actual media streams will end up blocked.

 

Newer controllers support AppRF 2.0 in AOS 6.4 which is actually able to fingerprint the YouTube traffic and allow you to use it in a session ACL.

 

You could try allowing *.googlevideo.com but that may not catch everything.

 

google-video.PNG

 

google-video-netdest.PNG


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
New Contributor
Posts: 4
Registered: ‎02-21-2014

Re: Allowing YouTube iOS app thru Guest WLAN

Looks like AppRF is not supported on 650 contoller.

Guru Elite
Posts: 8,202
Registered: ‎09-08-2010

Re: Allowing YouTube iOS app thru Guest WLAN

[ Edited ]

Yes. You would have to try allowing the Google video cache DNS names in your ACLs. You may have to do a packet capture to figure out the different sites but you may be safe with *.youtube.com and *.googlevideo.com.


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
New Contributor
Posts: 4
Registered: ‎02-21-2014

Re: Allowing YouTube iOS app thru Guest WLAN

Do you mean to allow inbound connection from those hosts? I don't think I am currently blocking any hosts outbound on guest WLAN.

Thank you for the detailed information so far.

 

New Contributor
Posts: 4
Registered: ‎02-21-2014

Re: Allowing YouTube iOS app thru Guest WLAN

To be clear, this only impacting iOS YouTube application on iPhone and iPad; I have not tested the Android YouTube app yet.

The browers on Mac and PC has no problem accessing the YouTube web services.

Guru Elite
Posts: 8,202
Registered: ‎09-08-2010

Re: Allowing YouTube iOS app thru Guest WLAN

I did a quick packet capture of an iPhone with the YouTube app. Here are the destinations:

 

youtube-iphone-pcap.png


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Guru Elite
Posts: 8,202
Registered: ‎09-08-2010

Re: Allowing YouTube iOS app thru Guest WLAN

And Android.

 

youtube-android-pcap.png


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Search Airheads
Showing results for 
Search instead for 
Did you mean: