Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ibituya
Staff
Staff

Created on ‎12-16-2024 12:39 AM Edited on ‎08-26-2025 11:24 PM By Moderator

Article Id 364911

Technical Tip: YouTube video Filtering based on FortiGuard Categories without API key

Description

This article describes creating a video filter profile to restrict YouTube videos based on FortiGuard categories without using an API key.
Scope

FortiGate v7.0.0 and later.
Solution

The video filter profile is an additional security feature that can restrict YouTube videos based on FortiGuard categories. The following points should be taken into consideration when enabling a video filter:

  • The video filtering service requires a valid FortiGuard web filter license.
  • The video filter profile is currently supported by proxy-based policies.
  • SSL deep inspection is required when enabling a video filter profile.
  • It is recommended to block the QUIC protocol in the application control profile while applying the video filter profile to allow the FortiGate to successfully inspect the traffic using TCP/443.

 

To configure the video filter based on FortiGuard categories:

  1. Create the video filter profile under Security Profiles -> Video FilterIf the Video Filter is not visible, enable it under System -> Feature Visibility. Refer to Technical Tip: Enabling Video Filter on FortiGate.
  2. Enable FortiGuard Category-Based Filter and select the needed action for each category (allow/block/monitor). For example, in this case, the Sports category is set to Block.

 

ibituya_0-1734335117601.png

 

  1. Create the firewall policy and enable the video filter.

 

Note:

Proxy-based inspection and SSL deep inspection are required with a video filter. To enable deep inspection, refer to: Technical Tip: How to enable deep inspection and import a certificate in the browser.

 

ibituya_1-1734335117608.png

 

  1. The block page will be displayed if a sports-related video has been accessed.

    ibituya_2-1734335117612.png
  2. Troubleshooting and debugging.

How to verify if the FortiGuard video filtering license is valid:

 

fortiguard.png

 

The videofilter license should be synchronized with the webfilter license.

 

To verify the WAD worker is running:

 

wadworker.png

 

To display and debug the video filter cache:

 

appwad.png

 

To enable real-time WAD debugs:

 

diagnose wad debug enable level verbose

diagnose wad debug enable category video

diagnose debug enable

 

Example output:

 

sample.png

 

Special Note:
Starting from v7.4.4, Proxy-related features are no longer supported in FortiOS. This change affects models 30G, 40F, 50G, 60E, 60F, 80E, and 90E series devices, including their variants (FortiWifi, FortiGate-3G4G, FortiGate-5G, FortiGate-POE), as well as the FortiGate-Rugged 60F (2 GB versions only).

Refer to this document for more information: Proxy-related features not supported on FortiGate 2 GB RAM models.

 

Related documents:

Video Filter - FortiGate administration guide

Technical Tip: How to restrict YouTube channels using video filtering

Technical Tip: Using proxy features in lower-end FortiGates

942
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.