Renante_Era
Staff
Article Id: 281430
Description: This article describes how to block internet traffic but allow access to a specific YouTube Channel through the use of Video Filter.
Scope: FortiOS 7.2+.
Solution

Internet traffic can be blocked by removing the LAN>WAN firewall policy. However, in some cases, administrators need to allow internet access to specific sites by using a Web Filter profile that blocks all categories in the FortiGuard Category Based Filter and then allows or exempts some sites through the URL Filter. For example, the administrator might block the Bandwidth Consuming category as well as Streaming Media and Download, but still want to allow access to a specific YouTube Channel that may be informative and useful for network users.

 

To block all categories in a FortiGuard Category Based Filter but allow a specific YouTube channel, the steps are as follows:

 

  1. Open the FortiGate GUI and select Security Profiles -> Video Filter. If it is not visible, open the CLI console and enter the following commands:

     config system settings
         set gui-proxy-inspection enable
     end

Afterwards, enable (toggle on) System -> Feature Visibility -> Video Filter.


  2. Open Security Profiles -> Video Filter, then select Create New, enable the FortiGuard Category Based Filter, select all categories by pressing Ctrl+A, and select Block.


  3. Scroll down and enter the YouTube API Key, then select Create New and add the Channel ID. The API Key is obtained as follows:


     1. Create a Google account, such as a Gmail account.
     2. Open a browser window, navigate to https://console.cloud.google.com/api/dashboard, and log in with the Google account.
     3. Create a New Project.


     4. Enable YouTube Data API v3.


     5. Create a New Credential and copy the API Key.


  4. After creating the Video Filter profile, clone the default Application Control profile and block QUIC. If blocking all Application Control categories, make sure to allow YouTube in the Application and Filter Overrides. Furthermore, if applying Web Filter profiles in the firewall policy, exempt YouTube using the RegEx entries youtube\.com and youtu\.be in the Static URL filter.


  5. Create or modify the corresponding Policy & Objects -> Firewall Policy and ensure that it uses Proxy-based inspection mode and deep inspection. Select the Video Filter profile and the Application Control profile.


  6. Open a browser and test YouTube video access. It should now be possible to play a YouTube video from the allowed channel while videos from other YouTube channels are blocked.
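Before relying on the RegEx exemption from the Static URL filter step above, it is worth checking which URLs the two patterns actually cover. The following is an added example, not part of the original article or Fortinet code: it assumes the filter applies each pattern as an unanchored search over host plus path (the behaviour of Python's `re.search`), and the anchored patterns and sample URLs are hypothetical, so confirm the behaviour on the FortiGate itself before changing the profile.

```python
import re

# Patterns exactly as written in the article's Static URL filter step.
PAGE_PATTERNS = [r"youtube\.com", r"youtu\.be"]

# Hypothetical tighter alternative (assumption, not from the article):
# anchor at the start of the host and require the domain to be followed
# by an optional port and then a path separator or the end of the string.
ANCHORED_PATTERNS = [
    r"^([a-z0-9-]+\.)*youtube\.com(:\d+)?(/|$)",
    r"^([a-z0-9-]+\.)*youtu\.be(:\d+)?(/|$)",
]

# Constructed sample URLs (host + path, no scheme); not real traffic.
SAMPLES = [
    "www.youtube.com/watch?v=abc",
    "youtu.be/abc",
    "m.youtube.com/",
    "youtube.com.example.net/login",        # different registered domain
    "notyoutube.com/",                      # lookalike host
    "example.org/redirect?to=youtube.com",  # match only in the query string
]


def exempted(url, patterns):
    """Return True if any pattern matches anywhere in the URL."""
    url = url.lower()
    return any(re.search(p, url) for p in patterns)


def compare(samples=SAMPLES):
    """Map each URL to (exempt under page patterns, exempt under anchored)."""
    return {
        u: (exempted(u, PAGE_PATTERNS), exempted(u, ANCHORED_PATTERNS))
        for u in samples
    }


def over_matched(samples=SAMPLES):
    """URLs the page patterns exempt but the anchored patterns do not."""
    return [u for u, (loose, tight) in compare(samples).items()
            if loose and not tight]


if __name__ == "__main__":
    for url, (loose, tight) in compare().items():
        print(f"{url:40} page={loose!s:5} anchored={tight}")
    print("Exempted only by the unanchored patterns:", over_matched())
```

Under that assumption, an exempt entry that matches anywhere in the URL also covers hosts outside YouTube, and those requests would skip the category blocking the profile is meant to enforce.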
