ibituya
Staff
December 16, 2024

Technical Tip: YouTube video Filtering based on FortiGuard Categories without API key

Description

This article describes creating a video filter profile to restrict YouTube videos based on FortiGuard categories without using an API key.

Scope

FortiGate v7.0.0 and later.

Solution

The video filter profile is an additional security feature that can restrict YouTube videos based on FortiGuard categories. The following points should be taken into consideration when enabling a video filter:

  • The video filtering service requires a valid FortiGuard web filter license.
  • The video filter profile is currently supported by proxy-based policies.
  • SSL deep inspection is required when enabling a video filter profile.
  • It is recommended to block the QUIC protocol in the application control profile while applying the video filter profile to allow the FortiGate to successfully inspect the traffic using TCP/443.

 

To configure the video filter based on FortiGuard categories:

  1. Create the video filter profile under Security Profiles -> Video Filter. If the Video Filter is not visible, enable it under System -> Feature Visibility. Refer to Technical Tip: Enabling Video Filter on FortiGate.
  2. Enable FortiGuard Category-Based Filter and select the needed action for each category (allow/block/monitor). For example, in this case, the Sports category is set to Block.

 

ibituya_0-1734335117601.png

 

  3. Create the firewall policy and enable the video filter.

 

Note:

Proxy-based inspection and SSL deep inspection are required with a video filter. To enable deep inspection, refer to: Technical Tip: How to enable deep inspection and import a certificate in the browser.

 

ibituya_1-1734335117608.png

 

  4. The block page will be displayed if a sports-related video has been accessed.

    ibituya_2-1734335117612.png
  5. If the video is not blocked, create a firewall policy that blocks QUIC and move it above the policy that has the video filter enabled.

 

video filtering quic.png
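
An added example (not part of the original article and not Fortinet tooling): a Python check that reads a FortiOS configuration backup and reports, for each firewall policy that uses a video filter profile, which of the prerequisites above are missing: proxy-based inspection, a deep-inspection SSL profile, and a QUIC deny policy placed above it. The sample configuration is constructed, and the SSL profile name "deep-inspection" and the service name "QUIC" are assumptions to adjust to the actual configuration.

```python
import shlex
SAMPLE_CONFIG = """
config firewall policy
    edit 1
        set service "QUIC"
    next
    edit 2
        set action accept
        set inspection-mode proxy
        set ssl-ssh-profile "deep-inspection"
        set videofilter-profile "block-sports"
    next
    edit 3
        set action accept
        set ssl-ssh-profile "certificate-inspection"
        set videofilter-profile "block-sports"
    next
end
"""  # constructed backup excerpt (sample data, not taken from the article)

def parse_policies(config_text):
    """Return the firewall policies, in configured order, as dicts of their 'set' values."""
    policies, in_block = [], False
    for line in config_text.splitlines():
        tok = shlex.split(line)
        if tok[:1] == ["config"]:
            in_block = tok[1:] == ["firewall", "policy"]
        elif tok == ["end"]:
            in_block = False
        elif in_block and tok[:1] == ["edit"]:
            policies.append({"id": tok[1]})
        elif in_block and tok[:1] == ["set"]:
            policies[-1][tok[1]] = tok[2:]
    return policies

# Assumed names: deep_profiles = SSL profiles doing deep inspection; quic_service = service object for QUIC.
def audit_video_filter(config_text, deep_profiles=("deep-inspection",), quic_service="QUIC"):
    """Return (policy id, problem) pairs for every policy that uses a video filter."""
    findings, quic_denied = [], False
    for p in parse_policies(config_text):
        # A backup omits 'set action' when the action is the default, deny.
        if p.get("action", ["deny"]) == ["deny"] and quic_service in p.get("service", []):
            quic_denied = True
        if "videofilter-profile" in p:
            checks = [(p.get("inspection-mode") == ["proxy"], "policy is not proxy-based"),
                      (set(p.get("ssl-ssh-profile", [])) & set(deep_profiles), "no deep-inspection SSL profile"),
                      (quic_denied, "no QUIC deny policy above it")]
            findings += [(p["id"], msg) for ok, msg in checks if not ok]
    return findings
```

Calling audit_video_filter(SAMPLE_CONFIG) flags only policy 3, which has no inspection-mode line (flow mode is the default) and uses certificate inspection. The check covers only the deny-policy method of blocking QUIC, not an application control profile.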

 

Troubleshooting:

How to verify if the FortiGuard video filtering license is valid:

 

fortiguard.png

 

The videofilter license should be synchronized with the webfilter license.

 

To verify the WAD worker is running:

 

wadworker.png

 

To display and debug the video filter cache:

 

appwad.png

 

To enable real-time WAD debugs:

 

diagnose wad debug enable level verbose

diagnose wad debug enable category video

diagnose debug enable

 

Example output:

 

sample.png

 

Special note:
Starting from v7.4.4, proxy-related features are no longer supported in FortiOS on FortiGate models with 2 GB of RAM. This change affects the 30G, 40F, 50G, 60E, 60F, 80E, and 90E series devices, including their variants (FortiWiFi, FortiGate-3G4G, FortiGate-5G, FortiGate-POE), as well as the FortiGate-Rugged 60F (2 GB versions only).

Refer to this document for more information: Proxy-related features not supported on FortiGate 2 GB RAM models.

 

To restrict a YouTube channel with an API key, follow the article Technical Tip: How to restrict YouTube channels using video filtering.

 
