FortiGate
jprokic
Staff
Article Id 328809
Description This article describes how to allow network access to YouTube Kids while access to YouTube is blocked. Educational institutions (schools) may need to deny access to YouTube and other applications in the Streaming Media and Download category while still allowing access to YouTube Kids.
Scope FortiGate.
Solution
  1. Create a Web Filter profile that denies the Streaming Media and Download category.
  2. Create a new Web Rating Override that moves YouTube Kids to a different, allowed category (a custom category, for example).

Note: Make sure that the action of the custom category in the Web Filter Profile is set to Monitor. By default, the action is set to Allow. 

  3. Select the newly created Web Filter profile in the corresponding IPv4 policy.

The CLI syntax is as follows:

    config webfilter ftgd-local-rating
    edit "www.youtubekids.com"
    show
    config webfilter ftgd-local-rating
        edit "www.youtubekids.com"
            set rating 140
        next
    end
    end

    show webfilter profile YT_Flow
    config webfilter profile
        edit "YT_Flow"
            config web
            end
            config ftgd-wf
                unset options
                config filters
                    edit 1
                        set category 1
                    next
                    edit 2
                        set category 2
                        set action warning
                    next
                    edit 3
                        set category 3
                    next
                    edit 4
                        set category 4
                    next
                    edit 5
                        set category 5
                    next
                    edit 6
                        set category 6
                    next
                    edit 7
                        set category 7
                        set action warning
                    next
                    edit 8
                        set category 8
                        set action warning
                    next
                    edit 9
                        set category 9
                        set action warning
                    next
                    edit 11
                        set category 11
                        set action warning
                    next
                    edit 12
                        set category 12
                    next
                    edit 13
                        set category 13
                        set action warning
                    next
                    edit 14
                        set category 14
                        set action warning
                    next
                    edit 15
                        set category 15
                        set action warning
                    next
                    edit 16
                        set category 16
                        set action warning
                    next
                    edit 19
                        set category 19
                    next
                    edit 24
                        set category 24
                    next
                    edit 25
                        set category 25
                        set action block
                    next
                    edit 26
                        set category 26
                        set action block
                    next
                    edit 59
                        set category 59
                    next
                    edit 62
                        set category 62
                    next
                    edit 83
                        set category 83
                        set action block
                    next
                    edit 96
                        set category 96
                        set action block
                    next
                    edit 98
                        set category 98
                        set action block
                    next
                    edit 99
                        set category 99
                        set action block
                    next
                    edit 57
                        set category 57
                        set action warning
                    next
                    edit 63
                        set category 63
                        set action warning
                    next
                    edit 64
                        set category 64
                        set action warning
                    next
                    edit 65
                        set category 65
                        set action warning
                    next
                    edit 66
                        set category 66
                        set action warning
                    next
                    edit 67
                        set category 67
                        set action warning
                    next
                    edit 61
                        set category 61
                        set action block
                    next
                    edit 86
                        set category 86
                        set action block
                    next
                    edit 88
                        set category 88
                        set action block
                    next
                    edit 90
                        set category 90
                        set action block
                    next
                    edit 91
                        set category 91
                        set action block
                    next
                    edit 140
                        set category 140
                        set log disable
                    next
                    edit 141
                        set category 141
                        set log disable
                    next
                    edit 72
                        set category 72
                    next
                    edit 75
                        set category 75
                    next
                    edit 76
                        set category 76
                    next
                    edit 36
                        set category 36
                        set action block
                    next
                    edit 37
                        set category 37
                        set action block
                    next
                end
            end
        next
    end

    show firewall policy 1
    config firewall policy
        edit 1
            set name "Port2_to_Internet"
            set uuid 23b999ac-1cd4-51ef-46bc-84bfdcad6a5b
            set srcintf "port2"
            set dstintf "port1"
            set action accept
            set srcaddr "all"
            set dstaddr "all"
            set schedule "always"
            set service "ALL"
            set utm-status enable
            set ssl-ssh-profile "Clone of certificate-inspection"
            set webfilter-profile "YT_Flow"
            set logtraffic all
            set nat enable
        next
    end
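
The following Python script is an added example, not part of the original article or of any Fortinet tooling. It audits saved `show` output or a configuration backup (not an interactive session) against the steps above: the streaming category is blocked, the overridden host is rated into a category that is not blocked, and that category is set to Monitor rather than Allow. The names `parse` and `audit` are hypothetical, the sample is constructed, and two things are assumed: that 25 is the FortiGuard ID for Streaming Media and Download, and that `set log disable` on a filter entry is how the GUI's Allow action appears in the CLI.

```python
import shlex
# Constructed sample in the article's `show` format, trimmed to two filter entries.
SAMPLE = """config webfilter ftgd-local-rating
    edit "www.youtubekids.com"
        set rating 140
    next
end
config webfilter profile
    edit "YT_Flow"
        config ftgd-wf
            config filters
                edit 25
                    set category 25
                    set action block
                next
                edit 140
                    set category 140
                    set log disable
                next
            end
        end
    next
end"""

def parse(text):  # flatten config text into {path_tuple: {setting: value}}
    path, out = [], {}
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0] in ("config", "edit"):          # descend into a table or entry
            path.append(" ".join(tok[1:]))
            out.setdefault(tuple(path), {})
        elif tok[0] in ("next", "end") and path:  # leave the entry or table
            path.pop()
        elif tok[0] == "set" and path:
            out[tuple(path)][tok[1]] = " ".join(tok[2:])
    return out

def audit(text, profile, host, blocked_cat="25"):  # 25: assumed Streaming Media ID
    cfg, base = parse(text), ("webfilter profile", profile, "ftgd-wf", "filters")
    by_cat = {kv["category"]: kv for p, kv in cfg.items() if p[:4] == base and "category" in kv}
    rating = cfg.get(("webfilter ftgd-local-rating", host), {}).get("rating")
    entry, findings = by_cat.get(rating), []
    if by_cat.get(blocked_cat, {}).get("action") != "block":
        findings.append(f"category {blocked_cat} is not blocked")
    if entry is None:
        findings.append(f"{host} has no local rating covered by {profile}")
    elif entry.get("action") == "block":
        findings.append(f"{host} is rated {rating}, which is blocked")
    elif entry.get("log") == "disable":  # assumption: GUI "Allow" = log disable
        findings.append(f"category {rating} is Allow (log disable), not Monitor")
    return findings
```

An empty list from `audit(text, "YT_Flow", "www.youtubekids.com")` means all three conditions hold; each string in the list names the condition that failed.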