This is a special situation but can be solved via another but more complex Advanced Correlation Scenario.
- allow all users to use YouTube connections outside the office hours
- restrict new YouTube connections within the business hours:
- allow new streams for 5 minutes
- afterwards block new YouTube connections for 1 hour
To achieve this, we need:
- 2 Dynamic Network Objects: a 5 minutes list and 1 hour list
- 6 rules which handles the traffic and the clients lists (5 minute & 1 hour list).
Attention: This scenario is not able do STOP any ongoing YouTube streams!
Create the Advanced Correlation Scenario
At first we need the Scenario container for the rules - push ADD and enter a name like "Allow YT for 5 min per hour"
Create the required Dynamic Network Objects
The 5 Minutes List
This DNO will store up to 1.000 clients for 5 minutes (= 300 sec.)
Push ADD and enter the name of the list, e.g. "YT 5 min List"
The 10 Min List
The second list (DNO) will store up to 1.000 clients for 1 hour (60 x 60 sec. = 3.600 sec.)
Push ADD and enter "YT 10 min List"
As result we can used these DNO:
Now we are prepared to create the rules.
Creating the rules
Rule 1 for all traffic except YouTube
Push ADD and enter a name like "Allow all traffic except YouTube"
Because we wanna ensure that YouTube connections only are handled by this rule we allow all others (for this scenario!)
So, we the the rule to exclude YouTube via Classification condition:
All matching connections shall be allowed, no further checks by this scenario:
Rule 2 - Allow Members of the 5 min. List
This rule allows YouTube access during the office ours for clients which are already members of the 5 min list.
Push ADD and enter a name like "Allow members on 5 min list":
Conditions are the office hours, the 5 min list and YouTube content:
And the Final Action will be set to Allow:
Rule 3 - Reject Members of the 10 min. List
If a client already used YouTube within the past 1 hour he is not allowed to request new YouTube content. He needs to be rejected.
Push ADD and enter a name like "Reject members of 10min list":
We're setting the proper Schedule , Source and Condition :
Finally we will reject the traffic & no other conditions of this "Allow YT for 5 min per hour" Scenario:
Rule 4 - Add Client to the 5 min. list
If the user started a new YouTube connection but was neither on the 5 min list nor on the 1 hour list, we must take care of him.
So, let's add the client to the 5 min list.
Push ADD and name this rule "Add client to 5 min list":
If the connection was recognised as YouTube connection within the office hours:
the client will be added to our 5 min list:
After saving this rule the client can be added to the 5 min list ...
Rule 5 - Add Client to the 1 hr. list
... but needs to be added to the 1hr list as well using the same procedure
Push ADD again, name this rule "Add client to 10 min list" & set the conditions and action:
Rule 6 - Allow YouTube Traffic
If a client will reach this final rule he:
- was not using YouTube within the passed 1 hour
- is within the business hours
- is new on the 5 min list
- is new on the 10 min list as well
Now he shall be allowed to use YouTube, thats quite easy:
If everything was setup as described, the Advanced Correlation Scenario for YouTube usage will look like this: