Solution |
- FortiGate reaches global FortiGuard servers for the video ID.
Debug would be similar as below :
[V]2023-06-19 17:36:59.161410 wad_http_start_video_filter_req :124 hreq=0x7fc278c91bc8, vfp=0x7fc279c5a288, vid=N/A, is_yt_player=0, url=/generate_204 [V]2023-06-19 17:36:59.161414 wad_vf_req_submit :2245 node=0x7fc2796bb3e0, ctx=0x7fc27aeb18a8, youtube_channel_filter_id=0 [I]2023-06-19 17:36:59.161417 wad_vf_sync_task_finished :2159 ctx=0x7fc27aeb18a8 finished [V]2023-06-19 17:36:59.161418 wad_vf_sync_task_run :2200 end of sync task ret=0 [I]2023-06-19 17:36:59.161420 wad_http_start_video_filter_req :148 hreq=0x7fc278c91bc8 submitted vf request, ret=1 [I]2023-06-19 17:36:59.161422 wad_vf_handle_channel :388 hreq=0x7fc278c91bc8, result=ignore, ret=0 [I]2023-06-19 17:36:59.161424 wad_vf_handle_category :430 hreq=0x7fc278c91bc8, result=unknown, ret=1 [V]2023-06-19 17:36:59.161425 wad_vf_handle_result :537 hreq=0x7fc278c91bc8, result=unknown, msg_done=0
Note down the request ID: 7fc278c91bc8, with this ID it is possible to dig further to IPS and WAD debug.
As per the above debug result is unknown, so the first result is failed.
- Now it is necessary to check for the youtube API key if configuring, for example, if cx does not have the youtube API key, and now send to IPS with the same request ID.
[I]2023-06-19 17:36:59.161448 wad_http_ipsscan_is_enabled :996 ipsapp_yt_scan enabled req=0x7fc278c91bc8 [I]2023-06-19 17:36:59.161451 wad_http_scan_init :485 hs=0x7fc27aeb18d8 state=initialized: [V]2023-06-19 17:36:59.161453 wad_http_scan_init :528 scan setup done
2023-06-19 17:36:59.178673 ipsapp ses 328 msg 203 eval response dir 0 act 0 app 34039 proto 0 tlv_len 0 -> 34039 is not youtube so the application scan is not detecting the application properly. It should be 31077.
Then IPS would identify the ID based on the signature and apply a block or pass.
|