Description
This article describes how to allow YouTube channels while blocking all the other videos.
Only the videos from that channel will be reproduced.
Scope
FortiGate v7.0.11+.
Solution
With the video filter profile, it is possible to filter YouTube videos by channel ID for a more granular override of a single channel, user, or video.
The video filter profile is currently supported in proxy-based policies and requires SSL deep inspection.
It is recommended the use of YouTube API key, FortiGate extracts the video ID (vid) and tries to check the category and channel from the local cache. If there is no match from the local cache, it connects to the FortiGuard video rating server to query the video category. If the FortiGuard rating fails, it uses the videofilter.youtube-key to communicate with the Google API server to get its category and channel ID.
To create the YouTube key:
Select the Project, go to Navigation Menu -> APIs & Services -> Credentials:
Select 'Enabled APIs & services', and select 'ENABLE APIS AND SERVICES':
Select 'YouTube Data API V3'. Enable the API:
Select 'Credentials', then CREATE CREDENTIALS -> API Key:
Copy the API key and set it on FortiGate through CLI:
config videofilter youtube-key
edit 1
set key *****************
next
end
To configure a video filter from GUI.
config system settings
set gui-proxy-inspection enable
end
Note that for versions higher than 7.4.x, the configuration is slightly different, because the 'config videofilter youtube-channel-filter' feature line is not available. Only available 'Keyword", 'profile' and 'youtube-key':
config videofilter
keyword Configure video filter keywords.
profile Configure VideoFilter profile.
youtube-key Configure YouTube API keys.
Due to this, in the 'Config videofilter profile' it must manually create the default action 'Block' to block 'any' categories of videos not allowed as follows:
Run the below commands to check in the CLI:
fermion-kvm57 # diagnose test application wad 1000
fermion-kvm57 # diagnose wad debug enable level verbose
fermion-kvm57 # diagnose wad debug enable category video
Debug messages will be on for 30 minutes.
fermion-kvm57 # diagnose debug enable
[V][p:29565] wad_video_filter_on_ftgd_video_rating:1568 task=0x7f37312b81c8,state=5
[V][p:29565] wad_vf_task_on_ftgd_resp :1519 task=0x7f37312b81c8 received ftgd resp, resp ok
[V][p:29565] wad_vf_task_on_ftgd_resp :1530 category_id=6
[V][p:29565] wad_youtube_source_req_alloc :615 req=0x7f372cc69c08
[I][p:29565] wad_youtube_api_req_video_info :554 video info req submitted ret=1
[I][p:29565] wad_vf_task_check_api :1747 task=0x7f37312b81c8 waiting for youtube api video info
[V][p:29565] wad_vf_async_task_run :1884 end of async task ret=0
[I][p:29565] wad_youtube_api_video_info_cbs :448 hreq=0x7f372fcd04d8, code=2
[V][p:29565] wad_ytf_task_on_api_fail :1705 task=0x7f37312b81c8,state=8,fail_msg=failed to get video info response
[V][p:29565] wad_youtube_source_req_close :586 req=0x7f372cc69c08
[I][p:29565] wad_vf_sync_task_proc_async_result:2090 task=0x7f37312b81c8 item=0x7f3729d8d048
[V][p:29565] wad_vf_sync_task_proc_async_result:2126 ctx(0x7f3731611408) category result is block
[I][p:29565] wad_vfc_client_add :233 oid=4226947919158231301
vfc-core add new item, item's value:
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.