nageentaj
Staff
Article Id 265789
Description This article describes the troubleshooting steps for video filtering based on the YouTube category.
Scope All FortiGate models.
Solution
  1. FortiGate reaches global FortiGuard servers for the video ID.


The debug output will be similar to the following:


[V]2023-06-19 17:36:59.161410 wad_http_start_video_filter_req   :124   hreq=0x7fc278c91bc8, vfp=0x7fc279c5a288, vid=N/A, is_yt_player=0, url=/generate_204
[V]2023-06-19 17:36:59.161414 wad_vf_req_submit                 :2245  node=0x7fc2796bb3e0, ctx=0x7fc27aeb18a8, youtube_channel_filter_id=0
[I]2023-06-19 17:36:59.161417 wad_vf_sync_task_finished         :2159  ctx=0x7fc27aeb18a8 finished
[V]2023-06-19 17:36:59.161418 wad_vf_sync_task_run              :2200  end of sync task ret=0
[I]2023-06-19 17:36:59.161420 wad_http_start_video_filter_req   :148   hreq=0x7fc278c91bc8 submitted vf request, ret=1
[I]2023-06-19 17:36:59.161422 wad_vf_handle_channel             :388   hreq=0x7fc278c91bc8, result=ignore, ret=0
[I]2023-06-19 17:36:59.161424 wad_vf_handle_category            :430   hreq=0x7fc278c91bc8, result=unknown, ret=1
[V]2023-06-19 17:36:59.161425 wad_vf_handle_result              :537   hreq=0x7fc278c91bc8, result=unknown, msg_done=0

 

Note the request ID, 7fc278c91bc8. With this ID it is possible to trace the request further in the IPS and WAD debugs.

In the debug above the result is unknown, so the first check has failed.

 

  2. Next, check whether a YouTube API key is configured. If, for example, the customer does not have a YouTube API key, the request is sent to IPS with the same request ID.

    [I]2023-06-19 17:36:59.161448 wad_http_ipsscan_is_enabled       :996   ipsapp_yt_scan enabled req=0x7fc278c91bc8
    [I]2023-06-19 17:36:59.161451 wad_http_scan_init                :485   hs=0x7fc27aeb18d8 state=initialized: 
    [V]2023-06-19 17:36:59.161453 wad_http_scan_init                :528   scan setup done

    2023-06-19 17:36:59.178673 ipsapp ses 328 msg 203 eval response dir 0 act 0 app 34039 proto 0 tlv_len 0

    App ID 34039 is not YouTube, so the application scan is not detecting the application properly. It should be 31077.

    IPS then identifies the ID based on the signature and applies a block or pass.
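The correlation described above can be scripted when the debug capture is long. The following is an added example, not Fortinet code: it groups WAD lines by request ID and flags ipsapp lines whose app ID is not 31077. The sample input is a subset of the debug lines from this article, and the field layout the regular expressions assume is taken only from those lines.

```python
import re

# Sample input: a subset of the debug lines shown in the article above.
SAMPLE = """\
[V]2023-06-19 17:36:59.161410 wad_http_start_video_filter_req   :124   hreq=0x7fc278c91bc8, vfp=0x7fc279c5a288, vid=N/A, is_yt_player=0, url=/generate_204
[I]2023-06-19 17:36:59.161422 wad_vf_handle_channel             :388   hreq=0x7fc278c91bc8, result=ignore, ret=0
[I]2023-06-19 17:36:59.161424 wad_vf_handle_category            :430   hreq=0x7fc278c91bc8, result=unknown, ret=1
[I]2023-06-19 17:36:59.161448 wad_http_ipsscan_is_enabled       :996   ipsapp_yt_scan enabled req=0x7fc278c91bc8
2023-06-19 17:36:59.178673 ipsapp ses 328 msg 203 eval response dir 0 act 0 app 34039 proto 0 tlv_len 0
"""

YOUTUBE_APP_ID = 31077  # expected application ID, as stated in the article

WAD_RE = re.compile(r"^\[[A-Z]\]\S+ \S+ (?P<func>\w+)\s+:\d+\s+(?P<rest>.*)$")
REQ_RE = re.compile(r"\b(?:hreq|req)=0x(?P<id>[0-9a-f]+)")
RESULT_RE = re.compile(r"\bresult=(?P<result>\w+)")
IPS_RE = re.compile(r"\bipsapp ses (?P<ses>\d+) .*\bapp (?P<app>\d+)\b")

def summarize(text):
    """Group WAD lines by request ID and collect ipsapp app IDs."""
    requests, ips = {}, []
    for line in text.splitlines():
        m = WAD_RE.match(line.strip())
        if m:
            req = REQ_RE.search(m["rest"])
            if not req:
                continue  # WAD lines without hreq=/req= cannot be correlated
            entry = requests.setdefault(req["id"], {"category": None, "channel": None, "ips_scan": False})
            res = RESULT_RE.search(m["rest"])
            if m["func"] == "wad_vf_handle_category" and res:
                entry["category"] = res["result"]
            elif m["func"] == "wad_vf_handle_channel" and res:
                entry["channel"] = res["result"]
            elif m["func"] == "wad_http_ipsscan_is_enabled":
                entry["ips_scan"] = True
            continue
        m = IPS_RE.search(line)
        if m:  # ipsapp lines carry a session number, not the WAD request ID
            app = int(m["app"])
            ips.append({"ses": int(m["ses"]), "app": app, "is_youtube": app == YOUTUBE_APP_ID})
    return requests, ips

if __name__ == "__main__":
    reqs, ips = summarize(SAMPLE)
    for rid, info in reqs.items():
        print(rid, info)
    for hit in ips:
        print(hit)
```

A request whose category is `unknown` with `ips_scan` set, followed by an ipsapp entry where `is_youtube` is false, matches the failure pattern walked through in this article.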