Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiGate / FortiOS 6.4.7 Administration Guide
    6.4.7
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0

    Top application: YouTube example

    Top application: YouTube example

    Monitoring network traffic with SSL deep inspection

    This example of monitors network traffic for YouTube using FortiView Applications view with SSL deep inspection.

    To monitor network traffic with SSL deep inspection:
    1. Use a firewall policy with the following settings. If necessary, create a policy with these settings.
      • Application Control is enabled.
      • SSL Inspection is set to deep-inspection.
      • Log Allowed Traffic is set to All Sessions.

    2. Go to Security Profiles > Application Control.
    3. Select a relative Application Control profile used by the firewall policy and click Edit.
    4. Because YouTube cloud applications are categorized into Video/Audio, ensure the Video/Audio category is monitored.

      Monitored categories are indicate by an eye icon.

    5. Click View Application Signatures and hover over YouTube cloud applications to view detailed information about YouTube application sensors.
    6. Expand YouTube to view the Application Signatures associated with the application.

      Application Signature

      Description

      Application ID

      YouTube_Video.Access

      An attempt to access a video on YouTube.

      16420

      YouTube_Channel.ID

      An attempt to access a video on a specific channel on YouTube.

      44956

      YouTube_Comment.Posting

      An attempt to post comments on YouTube.

      31076

      YouTube_HD.Streaming

      An attempt to watch HD videos on YouTube.

      33104

      YouTube_Messenger

      An attempt to access messenger on YouTube.

      47858

      YouTube_Video.Play

      An attempt to download and play a video from YouTube.

      38569

      YouTube_Video.Upload

      An attempt to upload a video to YouTube.

      22564

      YouTube

      An attempt to access YouTube.

      This application sensor does not depend on SSL deep inspection so it does not have a cloud or lock icon.

      31077

      YouTube_Channel.Access

      An attempt to access a video on a specific channel on YouTube.

      41598

      Tooltip

      To view the application signature description, click the ID link in the information window.

    7. On the test PC, log into YouTube and play some videos.
    8. On the FortiGate, go to Log & Report > Application Control and look for log entries for browsing and playing YouTube videos.

      In this example, note the Application User and Application Details. Also note that the Application Control ID is 38569 showing that this entry was triggered by the application sensor YouTube_Video.Play.

    9. Go to Dashboard > FortiView Applications.
    10. In the FortiView Applications dashboard, double-click YouTube to view the drilldown information.
    11. Select the Sessions tab to see all the entries for the videos played. Check the sessions for YouTube_Video.Play with the ID 38569.

    Monitoring network traffic without SSL deep inspection

    This example of monitors network traffic for YouTube using FortiView cloud application view without SSL deep inspection.

    To monitor network traffic without SSL deep inspection:
    1. Use a firewall policy with the following settings. If necessary, create a policy with these settings.
      • Application Control is enabled.
      • SSL Inspection is set to certificate-inspection.
      • Log Allowed Traffic is set to All Sessions.

    2. On the test PC, log into YouTube and play some videos.
    3. On the FortiGate, go to Log & Report > Application Control and look for log entries for browsing and playing YouTube videos.

      In this example, the log shows only applications with the name YouTube. The log cannot show YouTube application sensors which rely on SSL deep inspection.

    4. Go to Dashboard > FortiView Applications.

      The FortiView Cloud Application by Bytes dashboard shows the YouTube cloud application without the video played information that requires SSL deep inspection.

    5. Double-click YouTube and click the Sessions tab.

      These sessions were triggered by the application sensor YouTube with the ID 31077. This is the application sensor with cloud behavior which does not rely on SSL deep inspection.

    Previous
    Next

    Top application: YouTube example

    Top application: YouTube example

    Monitoring network traffic with SSL deep inspection

    This example of monitors network traffic for YouTube using FortiView Applications view with SSL deep inspection.

    To monitor network traffic with SSL deep inspection:
    1. Use a firewall policy with the following settings. If necessary, create a policy with these settings.
      • Application Control is enabled.
      • SSL Inspection is set to deep-inspection.
      • Log Allowed Traffic is set to All Sessions.

    2. Go to Security Profiles > Application Control.
    3. Select a relative Application Control profile used by the firewall policy and click Edit.
    4. Because YouTube cloud applications are categorized into Video/Audio, ensure the Video/Audio category is monitored.

      Monitored categories are indicate by an eye icon.

    5. Click View Application Signatures and hover over YouTube cloud applications to view detailed information about YouTube application sensors.
    6. Expand YouTube to view the Application Signatures associated with the application.

      Application Signature

      Description

      Application ID

      YouTube_Video.Access

      An attempt to access a video on YouTube.

      16420

      YouTube_Channel.ID

      An attempt to access a video on a specific channel on YouTube.

      44956

      YouTube_Comment.Posting

      An attempt to post comments on YouTube.

      31076

      YouTube_HD.Streaming

      An attempt to watch HD videos on YouTube.

      33104

      YouTube_Messenger

      An attempt to access messenger on YouTube.

      47858

      YouTube_Video.Play

      An attempt to download and play a video from YouTube.

      38569

      YouTube_Video.Upload

      An attempt to upload a video to YouTube.

      22564

      YouTube

      An attempt to access YouTube.

      This application sensor does not depend on SSL deep inspection so it does not have a cloud or lock icon.

      31077

      YouTube_Channel.Access

      An attempt to access a video on a specific channel on YouTube.

      41598

      Tooltip

      To view the application signature description, click the ID link in the information window.

    7. On the test PC, log into YouTube and play some videos.
    8. On the FortiGate, go to Log & Report > Application Control and look for log entries for browsing and playing YouTube videos.

      In this example, note the Application User and Application Details. Also note that the Application Control ID is 38569 showing that this entry was triggered by the application sensor YouTube_Video.Play.

    9. Go to Dashboard > FortiView Applications.
    10. In the FortiView Applications dashboard, double-click YouTube to view the drilldown information.
    11. Select the Sessions tab to see all the entries for the videos played. Check the sessions for YouTube_Video.Play with the ID 38569.

    Monitoring network traffic without SSL deep inspection

    This example of monitors network traffic for YouTube using FortiView cloud application view without SSL deep inspection.

    To monitor network traffic without SSL deep inspection:
    1. Use a firewall policy with the following settings. If necessary, create a policy with these settings.
      • Application Control is enabled.
      • SSL Inspection is set to certificate-inspection.
      • Log Allowed Traffic is set to All Sessions.

    2. On the test PC, log into YouTube and play some videos.
    3. On the FortiGate, go to Log & Report > Application Control and look for log entries for browsing and playing YouTube videos.

      In this example, the log shows only applications with the name YouTube. The log cannot show YouTube application sensors which rely on SSL deep inspection.

    4. Go to Dashboard > FortiView Applications.

      The FortiView Cloud Application by Bytes dashboard shows the YouTube cloud application without the video played information that requires SSL deep inspection.

    5. Double-click YouTube and click the Sessions tab.

      These sessions were triggered by the application sensor YouTube with the ID 31077. This is the application sensor with cloud behavior which does not rely on SSL deep inspection.

    Previous
    Next