garlyvy photyne enduring
Chanelle Kirksey
As streaming services and binge-watching continue to grow in popularity, researchers have begun to discover the true impact of this new method of consuming media. You may already know that staring at a screen for several hours can lead to eye strain and headaches, but the harmful effects of binge-watching over long periods of time can be even more severe.
Recurring block sessions are perfect for people with consistent schedules who know when they need to stay focused and when they can afford to relax. When you set up a recurring session, you can put a block in effect for specified time periods on certain days of the week.
You can also put this block session into effect across all of your iOS devices. For example, you can block all of your favorite streaming sites on weeknights if you want to save your binge-watching for the weekend. You could also block them for most of the day and leave them unblocked for an hour or two after dinner as a reward for taking care of your responsibilities.
Ok, don't shoot the messenger but I was asked to see if I could unblock the queue management area for Netflix but still block the streaming media part of it... We're using the URL filtering capabilities of the PA 2050 device and I have a policy defined that's based on an Active Directory user group to filter traffic. I'm not sure how I would go about doing this, any thoughs?
Its pretty basic, your going to create a rule that precedes your URL filtering rule. The rule will be from trust to untrust application will be "netflix" and action will be drop.
Has Palo Alto changed the Netflix signature recently? In September we had blocked the application per Phil's suggestion earlier in this thread and people were able to login and manage their queue but couldn't view any movies. This morning, though, I wasn't able to login anymore. Thanks --
@cshep: you would have to review all of the release notes to see what has changed between each version of the content update to see if PAN engineering have updated any particular application signature(s).
If you see the block in either the "traffic" or "threat" logs then that would be due to either an application update or an antivirus update. If you see the block in the URL filtering log then it is your URL filtering profiles that need examination.
I would say looking at the logs should give you an indication of whats going on with the block. I have a handful or preset filters for looking at that kind of thing. I'm running 3.1.4 code with the latest app and threat updates and have just noticed I'm unable to get to the netflix.com queue. I can get to the sites front page however loggin in doesn't happen. When I look at the traffic log is see a deny for netflix based on the app, i don't see anything blocked in the URL log for netflix so it's definately the app. I'd have to look back as well but I'm guessing a app and threat update changed something.
If you require assistance resolving this issue I would suggest posting some screen shots of the traffic, URL filtering and threat logs to this thread so that we can do some detective work and find the root cause of the issue.
We have a Firepower 4115 that we just recently migrated from ASA to FTD. We are looking to block netflix. We don't yet have the licensing in place to do URL filtering, so we have defined a netflix.com FQDN object and have an access list rule to block that. This seems to only work part of the time. We believe it was working correctly under ASA. Is it possible to block netflix at the firewall without URL filtering?
Since the FQDN option is hit or miss for your scenario I would recommend testing the block via application filters. If you edit your ACP go to applications tab and search for Netflix. There should already be Cisco provided Netflix filters. HTH!
I think you need URL license to do it proberly.. And i think the reason you see the block with fqdn netflix.com only works part of the time, is if users go to netflix.yyy then your acl wont block it. I dont know if you can do a wildcard fqdn in your access list so netflix.* and problably you should do *netflix.* if possible.
which ever geo location you in you do nslookup and upload the file (if you using FMC) go to objects-->security intelligence-->network list and feeds--->Add network list and feeds---> here a pop up will appear called it any name you want in "Type" call your text file and upload it.
Thanks for the response. Can you provide details as to how I might accomplish. I run a home office where I need speed fusion for speed but had to disable it due to the fact my wife could not watch Netflix. It was not allowing the connection.
I have a balance with 3 DSL, each around 10 down 1 up and i was very excited to see that watching a 4k video uses all 3 lines at once. So netflix is working really good in this scenario. As you know exactly which networks are behind your VPN you can setup VPN outbound policies on base of the destination network policy and have local internet outbreak on your home router.
It is based on how a service provider (like Netflix) classifies an individual or block of public IP addresses.
One of they ways they do this is by ASIN numbers to figure out who owns what IP addresses and what they are been used for.
I am located in Washington, DC (zip code: 20003) and I am no longer able to watch Netflix programming. My SpeedTest results look great and Amazon and SlingTV are available, so my network connection appears to be ok. Wondering if Verizon has somehow started blocking Netflix servers in my area?
hawkpilot, I know that I too would want to ensure I could keep up with my favorite series as well. We are here to help out. How are you watching your favorite shows? Are you using a cell phone and the streaming app, connecting a wireless hotspot or personal WiFi jetpack to a smart TV, PC, or tablet/gaming console? What happens when you try to run that streaming service?
The primary method of viewing is via a wireless hotspot and smart TV but is also present with the cell phone app. When loading content from Netflix, loading will stop at 25% and then timeout with a message that there is no connection. This does not happen with other streaming services or with other Netflix users in the area not on Verizon. Diagnostics inside the Netflix app will show that the app can not reach the Netflix servers.
That sounds like a netflix issue....first I would try uninstalling and reinstalling netflix....to see if that helps at all....if not I would contact Netflix, if all of your other streaming services are working correctly, it is most likely something to do with netflix
@corigurl Your suggestions were part of the initial troubleshooting steps performed and there was no change. I have spoken with Netflix and they tell me all looks good on their end and no issue. I have also been able to use the same smart TV/app configuration with a wifi signal from another provider and Netflix worked perfectly. By process of elimination, the root cause appears to be Verizon Wireless not allowing connection through/to the Netflix servers. I have read about Verizon Wireless throttling bandwidth to certain streaming providers, but was unaware of any outright blocking efforts. Is anyone else experiencing a similar issue?
I have verified with resources here and can confirm that there are no such similar issues reported. Are you looking for assistance to block Netflix stream in-order to retain bandwidth on the network? Streaming Netflix may cause bandwidth issues but under many conditions such as ISP provided bandwidth is low, stream happens during peak hours when users are in being productive, etc,.
I don't want to block Netflix. My client wants his Netflix to work like it did before we added the SonicWall appliance. The latency just gets really bad. I'm new to Sonicwall and would like to fix his issue but nothing seems to work.
Thanks for providing me some background about the issue. If the bandwidth issue persists only for Netflix stream, could you please check if you have configured any Bandwidth Management on the SonicWall? Please use below KB article as a reference to locate the BWM settings on the SonicWall.
@ChristianSHansen Hello. First, I would suggest opening a support ticket. Second, you could create a new rule just for Netflix and disable DPI or add exclusions for some of the Security Services (GAV comes to mind). Third, you could implement a QoS mechansim. There are many potential items to look at.
Once again, may best to speak with support and get some knowledge transfer as well. BTW, I typically have every TV in the house using a streaming service (Netflix, Prime, u name it,) and I will be on Xbox listening to youtube and sometimes downloading. I have done all this and more on a 570, 670, 2700, 2650, etc. It's just a learning curve sir. Open a support ticket and report back with your solution or ask your local SE to assist as well. - Sincerely, Marco Octavian
Okay, I have not configured any Bandwidth Management. Pinging the SonicWall's LAN interface IP I only lost 1 packet. My client doesn't want to pay for a support contract. We have not licensed any Security Services. We only purchased the TZ270. Where do I go to view the Logs? I think I found the System Logs under the Logs menu found in the Monitor navigation menu. I don't see any errors or anything like that.
I tried that but it didn't seem to help any. Now I cannot connect to the internet even when no video streaming is happening. When I reboot the firewall it allows traffic for about 2 minutes and then it is completely hosed again. As Saravanan suggested I am going to do a factory reset and start over.
By the time students return from spring break, on March 18, access in classrooms will be blocked for bandwidth-eating movie and TV services Netflix and Hulu, the Steam gaming site, music services iTunes, Pandora and iHeartRadio, and Apple updates. Special areas in all academic buildings will be set up to access those sites.
90f70e40cf