To restrict YouTube bandwidth usage based on the OS type of client devices, follow the configuration steps below.

1. Enable Dynamic Device and OS Identification.

Begin by enabling device and OS identification to allow FortiGate to classify endpoints by their software type:

• Go to System -> Feature Visibility and enable Dynamic Device & OS Identification.

• Go to the Interface connected to the internal network (Network -> Interfaces) and enable Device Detection.

2. Create Dynamic Address Objects for Each OS.

Define dynamic address entries to group devices by operating system:

• Go to Policy & Objects -> Addresses.
• Select 'Create New' and configure:
  • Type: Dynamic.
  • Subtype: Device & OS Identification.
  • Software OS: Choose the OS type (in this example, two Dynamic Addresses are created, an 'Android' and 'Windows' one).

Note:

Repeat this step to create separate entries for each OS type to control YouTube traffic for.

3. Configure a Shared Traffic Shaper.

Create a bandwidth limiter to be applied to YouTube traffic:

• Navigate to Policy & Objects -> Traffic Shaping -> Traffic Shapers.
• Select 'Create New' and set the following:
  • Type: Shared.
  • Maximum Bandwidth: (In this example, a Maximum bandwidth of 500 kbps is configured).
  • Priority: Low (optional, depending on network QoS design).

4. Create a Traffic Shaping Policy per OS Type

Apply the YouTube bandwidth limiter to traffic from each OS type:

• Navigate to Policy & Objects -> Traffic Shaping Policy.
• Select 'Create New' and configure the following for each OS:
  • Source: Dynamic address object created for the OS (in this example, both Dynamic address objects are added).
  • Destination: All (or restrict to YouTube-specific domains/IPs if preferred).
  • Application: Create an application group where all the listed YouTube applications are listed (as shown below).
  • Shared Shaper: Select the shaper created in Step 3.

5. Apply Application Control to Firewall Policy

Ensure that Application Control is applied to the traffic so that YouTube can be identified:

• Navigate to Policy & Objects -> Firewall Policy.
• Edit the outbound (LAN to WAN) policy.
• Under Security Profiles, enable Application Control.
• Attach the application control profile. If no custom application is configured, using the default application control profile will also be ok.

After testing the scenario, the logs indicate that the Traffic Shaper is applied only to traffic destined for YouTube and originating from the OS types specified as Sources in the Traffic Shaping Policy created in Step 4.

Since the 'Ubuntu' OS is not included among these sources, no Traffic Shaping is applied to it, and access to YouTube proceeds without any bandwidth restrictions.