lokewing
New Contributor

webfilter block streaming video except youtube fail

Dear all,

I have a FortiGate 100D running v5.2.2. I need to set a rule to block all streaming video but allow only YouTube. I have set a web rating override for youtube.com to a custom group, but when I stream video on YouTube it keeps showing a video error.

1 Solution
Dave_Hall
Honored Contributor

You may have better luck using an application sensor -- either create a new app sensor or preferably use your existing one that is covering web traffic; add an application filter that blocks all video/audio, then create a second one that allows google video/media -- move this second app filter above the first one. Like firewall policy rules, app filters are executed from top->down.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

5 REPLIES
lokewing
New Contributor

Below is my categories filter

lokewing

Dave Hall wrote:

You may have better luck using an application sensor -- either create a new app sensor or preferably use your existing one that is covering web traffic; add an application filter that blocks all video/audio, then create a second one that allows google video/media -- move this second app filter above the first one. Like firewall policy rules, app filters are executed from top->down.

I have followed your way to do the filter, but sometimes the FortiGate is unable to detect Facebook apps and block them; it just shows SSL for Facebook and allows it. How can I avoid this?

Dave_Hall
Honored Contributor

lokewing wrote:

I have followed your way to do the filter, but sometimes the FortiGate is unable to detect Facebook apps and block them; it just shows SSL for Facebook and allows it. How can I avoid this?

Facebook uses a wildcard security certificate, so if blocking it via FortiGuard categories (under social networking) or App sensor doesn't work you can try crafting a URL filter block (either using a wildcard *.facebook.com, or regex facebook.com). www.facebook.com resolves to star.c10r.facebook.com, so a URL filter block (one of the above) should work for that too, even under HTTPS.

Can you clarify (with a screenshot) the app sensor used for blocking Facebook? When you craft the app filter, only Facebook should be selected under vendor, with everything else set as all (default).

arshadm
New Contributor

Ok. This is not an issue at all. If you go to your logs and open security, webfilter log you will be able to see that it blocks all the traffic destined to googlevideo.com. You just have to add googlevideo.com to a static webfilter or do an override like you have done for youtube.com.

P.S. I prefer doing this via static web filter rather than overrides. 
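
Following the log check described in the reply above, this added example (not code from the thread or from Fortinet) tallies blocked web filter hits by parent domain that the current allow list does not cover, which is how the missing googlevideo.com entry shows up. The log lines are constructed, and the key=value field names (`subtype`, `action`, `hostname`, `catdesc`) are assumptions to match against your own log export.

```python
import shlex
from collections import Counter

# Constructed sample lines in key=value style (not real logs). Field names
# subtype/action/hostname/catdesc are assumptions; match them to your export.
SAMPLE_LOG = """\
date=2015-03-02 time=10:01:11 subtype=webfilter action=passthrough hostname="www.youtube.com" catdesc="Custom Allow"
date=2015-03-02 time=10:01:12 subtype=webfilter action=blocked hostname="r3---sn-abc123.googlevideo.com" catdesc="Streaming Media and Download"
date=2015-03-02 time=10:01:12 subtype=webfilter action=blocked hostname="r5---sn-abc123.googlevideo.com" catdesc="Streaming Media and Download"
date=2015-03-02 time=10:02:40 subtype=webfilter action=blocked hostname="video.example.net" catdesc="Streaming Media and Download"
"""

def parse_line(line):
    """Split one key=value log line into a dict; quoted values may hold spaces."""
    return dict(tok.partition("=")[::2] for tok in shlex.split(line) if "=" in tok)

def covered(hostname, allowed_domains):
    """True if hostname equals an allowed domain or is a subdomain of one."""
    host = hostname.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed_domains)

def parent_domain(hostname):
    """Last two labels of the hostname (simplification: no public suffix list)."""
    return ".".join(hostname.lower().rstrip(".").split(".")[-2:])

def blocked_not_allowed(log_text, allowed_domains):
    """Count blocked webfilter hits per parent domain the allow list misses."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("subtype") != "webfilter" or rec.get("action") != "blocked":
            continue
        host = rec.get("hostname", "")
        if host and not covered(host, allowed_domains):
            hits[parent_domain(host)] += 1
    return hits

if __name__ == "__main__":
    # First run: only youtube.com allowed. Second run: googlevideo.com added.
    for allow in (["youtube.com"], ["youtube.com", "googlevideo.com"]):
        print(allow, dict(blocked_not_allowed(SAMPLE_LOG, allow)))
```

Domains that remain in the output after the allow list is extended are blocks that stay in force; review each one before exempting it rather than allowing everything that appears.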
