Filtering based on FortiGuard categories

Video filtering is only proxy-based and uses the WAD daemon to inspect the video in four phases:

  1. When the WAD receives a video query from a client, it extracts the video ID (vid) and tries to check the category and channel from the local cache.
  2. If there is no match from the local cache, it connects to the FortiGuard video rating server to query the video category.
  3. If the FortiGuard rating fails, it uses the to communicate with the Google API server to get its category and channel ID. This is the API query setting and it requires the user’s own YouTube API key string. This configuration is optional.
  4. If all steps fail to match the video, the WAD calls on the IPS engine to match the video ID and channel ID from the application signature database.

The FortiGuard anycast service must be enabled to use this feature.

In the following example, a new video filter profile is created to block the Knowledge category.


In the firewall policy settings, the default application control profile is recommended because it blocks QUIC traffic. Many Google services use the QUIC protocol on UDP/443. By blocking QUIC, YouTube will use standard HTTPS TCP/443 connections.

To configure a video filter based on FortiGuard categories in the GUI:
  1. Create the video filter profile:
    1. Go to Security Profiles > Video Filter and click Create New.</