FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
skaneria
Staff
Staff
Article Id 197740

Description


This article describes how to use this feature to block or only allow matching YouTube channels. This Web filter feature is also called' Restrict YouTube access to specific channels'.

 

Scope

 

FortiOS 6.4.x and below.

Solution

 

Note: 'Restrict YouTube access to specific channels' option only exists in FortiOS 6.4.x and below. For FortiOS 7.0.x and above, use the Video Filter by referring to Filtering based on YouTube channel.

 

  • To use YouTube access to specific channels, the streaming media and download category should be allowed or monitored. 

 

ssenthil_1-1656948246501.png

 

  • Block the specific applications using application control. 


To enable this feature from the GUI. 

 

  1. Go to Security Profiles -> Web Filter and go to the 'Proxy Options' section.
  2. Enable 'Restrict YouTube access to specific channels'.


  
  1. Select 'Create New' and specify the Channel ID.
 
Identifying the YouTube channel ID.
 
The following table lists how to identify the YouTube channel ID based on different YouTube video URL formats:
 
Video URL.

Channel ID.

www.youtube.com/channel/<channel-id> <channel-id> indicates the ID for the channel.
www.youtube.com/user/<user-id>

Open the page source and locate:

<meta itemprop="channelId" content="<channel-id>">

<channel-id> indicates the channel ID for the user page.

www.youtube.com/watch?v=<string>

Open the page source and search for 'channelid'

For example: In Chrome.

3 dots ->More tools -> Developer tools -> Sources -> Page -> Top ->www.youtube.com -> s -> watch?v

-> In the middle panel search for 'channelid', which may be something like "channelId": "UCGzuiiLdQZu9wxDNJHO_JnA",

 
 
 
  1.  Select 'OK' and the option shows the Channel ID and its link.
 
 
To enable this feature from the CLI.
 
config webfilter profile
    edit "webfilter"
        set youtube-channel-status whitelist  <----- whitelist: only allow the traffic belonging to this channel id and relative identifiers, 
blacklist: only block the traffic belonging to this channel id and relative identifiers and allow the other traffic to pass.
            config youtube-channel-filter
                   edit 1
                       set channel-id "UCGzuiiLdQZu9wxDNJHO_JnA"
                   next
            end
    next
end
 
NoteDeep inspection is required to inspect the traffic. Also, block QUIC protocol using application control or UDP 443, this way the connection will be over TCP/UDP.
 
Also, Application control has to be set to Monitor for the YouTube application signature, as well as the YouTube_Channel.ID signature.