@pcraponi wrote:
When you block the FQDN youtube.com, the controller resolve the DNS to IP and block the IP as a firewall police. However, Google use the same IP range for more than one service. This method it's not the best way to do this.
You will need to wait ArubaOS 6.4 (AppRF 2.0) that will provide "apps signatures" and works fine with this.
Regards,
Paulo Raponi
Good point. I will not comment on any roadmap item here but in the firewall denies, I am looking for non http/https ports that are looking to connect. I would suggest that those are allowed while 80/443 remain blocked IF those ports are truly not being used in the background.