FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
vhitnal
Staff
Staff
Description
This article explains how to use video filtering.

Solution
With the video filter profile, you can filter YouTube videos by channel ID for a more granular override of a single channel, user, or video.
The video filter profile is currently supported in proxy-based policies and requires SSL deep inspection.

To configure a video filter from GUI.

1) Go to Security Profiles -> Video Filter and select 'Create New'.
2) In the Channel override list section, select 'Create New'. The New Channel Override Entry pane opens.
- Enter a Channel ID and select an Action.





- Select 'OK'.

3) Optionally, enable 'Restrict YouTube access' and select a setting (Moderate or Strict).




4) Select 'OK'.
5) From CLI, enable the YouTube API query:
# config videofilter youtube-key
    edit 1
        set key ********
        set status enable
    next
end
6) Create the firewall policy:
- Go to Policy & Objects -> Firewall Policy and select 'Create New'.
- For Inspection Mode, select Proxy-based.
- Enable 'Video Filter' and select the profile created.
- For SSL Inspection, select 'deep-inspection'.





- Configure the other settings as needed and select 'OK'.

To configure a video filter from CLI.

1) Create the channel filter:
# config videofilter youtube-channel-filter
    edit 1
        set name "channel_filter"
# config entries
    edit 1
        set action block
        set channel-id "UCJHo4AuVomwMRzgkA5DQEOA"
    next
end
    next
end
2) Create the video filter profile:
# config videofilter profile
    edit "channel_filter"
        set youtube-channel-filter 1
        set youtube-restrict strict
    next
end
3) Enable the YouTube API query:
# config videofilter youtube-key
    edit 1
        set key ********
        set status enable
    next
end
4) Create the firewall policy:
# config firewall policy
    edit 1
        set name "video-filter"
        set srcintf "port1"
        set dstintf "port5"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set inspection-mode proxy
        set ssl-ssh-profile "deep-inspection"
        set videofilter-profile "channel_filter"

        set nat enable
    next
end
Vimeo.

The video filter profile includes a setting to restrict Vimeo access, which can only be configured from  CLI.

To restrict Vimeo access.
# config videofilter profile
    edit <name>
        set vimeo-restrict {7 | 134} <-----Set the Vimeo restriction (7: do not show mature content, 134: do not show unrated and mature content).
    next
end

Contributors