Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
skaneria
Staff
Staff

Created on ‎06-15-2020 11:42 PM Edited on ‎09-25-2024 02:34 PM By Moderator

Article Id 197740

Technical Tip: Restrict YouTube access to specific channels

Description


This article describes how to use this feature to block or only allow matching YouTube channels. This Web filter feature is also called' Restrict YouTube access to specific channels'.

 

Scope

 

FortiOS 6.4.x and below.

Solution

 

Note: 'Restrict YouTube access to specific channels' option only exists in FortiOS 6.4.x and below. For FortiOS 7.0.x and above, use the Video Filter by referring to Filtering based on YouTube channel.

 

  • To use YouTube access to specific channels, the streaming media and download category should be allowed or monitored. 

 

ssenthil_1-1656948246501.png

 

  • Block the specific applications using application control. 


To enable this feature from the GUI. 

 

  1. Go to Security Profiles -> Web Filter and go to the 'Proxy Options' section.
  2. Enable 'Restrict YouTube access to specific channels'.


  
  1. Select 'Create New' and specify the Channel ID.
 
Identifying the YouTube channel ID.
 
The following table lists how to identify the YouTube channel ID based on different YouTube video URL formats:
 
Video URL.

Channel ID.
www.youtube.com/channel/<channel-id> <channel-id> indicates the ID for the channel.
www.youtube.com/user/<user-id>

Open the page source and locate:

<meta itemprop="channelId" content="<channel-id>">

<channel-id> indicates the channel ID for the user page.
www.youtube.com/watch?v=<string>

Open the page source and search for 'channelid'

For example: In Chrome.

3 dots ->More tools -> Developer tools -> Sources -> Page -> Top ->www.youtube.com -> s -> watch?v

-> In the middle panel search for 'channelid', which may be something like "channelId": "UCGzuiiLdQZu9wxDNJHO_JnA",
 
 
 
  1.  Select 'OK' and the option shows the Channel ID and its link.
 
 
To enable this feature from the CLI.
 
config webfilter profile
    edit "webfilter"
        set youtube-channel-status whitelist  <----- whitelist: only allow the traffic belonging to this channel id and relative identifiers, 
blacklist: only block the traffic belonging to this channel id and relative identifiers and allow the other traffic to pass.
            config youtube-channel-filter
                   edit 1
                       set channel-id "UCGzuiiLdQZu9wxDNJHO_JnA"
                   next
            end
    next
end
 
NoteDeep inspection is required to inspect the traffic. Also, block QUIC protocol using application control or UDP 443, this way the connection will be over TCP/UDP.
 
Also, Application control has to be set to Monitor for the YouTube application signature, as well as the YouTube_Channel.ID signature.
37166
0 Kudos
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.