This note is going to show how to stop some LAN clients from Youtube but still pass some other LAN clients. Since Google service (e.g., google maps, google drive) and Youtube sometimes uses the same IP address, using URL/Web Category Filter to block YouTube may block some of the Google services as well. However, we can use LAN DNS and IP Filter to prevent clients from accessing YouTube, and make sure other Google services are still available.
1. Set up LAN DNS for LAN clients to use SafeSearch Virtual IP for Google services: Go to LAN >> LAN DNS, click Add to establish a profile:
google.comin Domain Name
*google.com*in Alias Domain Name and save it
2. Force LAN DNS Redirection: Go to LAN >> General Setup, click on the LAN profile in use and enable DNS Redirection.
3. Add a IP Filter Group: Go to Firewall >> Filter Setup >> IP Filter, click Add:
4. Create an IP Filter to pass all the traffic from a group of IP which is allowed to watch Youtube. Click on the group created in step 3, and click Add to add a rule:
5. Select the Object after it was created, then click Apply to finish IP filter setting
6. Create an IP Filter to pass all traffic destined to other Google service, similar to Step 4. Click Add to establish a rule:
7. Add another an IP filter rule to block DNS queries for Youtube:
With the above configuration, clients with IP between 10.0.0.1~10.0.0.100 can access Youtube; but other clients can't because the DNS queries for YouTube from them are blocked. However, all the clients can access other Google services by the SafeSearch IP.
If YouTube is not blocked as expected, please try:
ipconfig/flushdnsin command prompt.
Was this helpful?