Fortinet black logo

Administration Guide

Home FortiGate / FortiOS 7.4.3 Administration Guide
7.4.3
7.4.3
7.4.2
7.4.1
7.4.0
7.2.8
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.15
7.0.14
7.0.13
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.15
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0

Filtering based on description

Filtering based on description

Video filtering can be configured to filter using keyword-based filters for video descriptions. When a video’s description matches the configured keyword, the video filter will take the corresponding action of allow, monitor, or block. The description filter supports the first 100 characters of the video description. Video filtering is only supported in proxy-based inspection mode, and deep inspection must be enabled in the firewall policy.

The YouTube API key must be configured to use this feature. Otherwise, the description filter will not retrieve the video information and bypass the traffic. See YouTube API key for more information.

Note

It is recommended to block the QUIC protocol in application control profiles while applying video filter profiles (see Blocking QUIC manually). By default, FortiOS can only inspect QUIC traffic in HTTP3 in flow mode, and video filtering only operates in proxy mode. By explicitly blocking QUIC in application control, video traffic utilizing the QUIC protocol on UDP/443 will revert to TCP/443 without QUIC, allowing the FortiGate to successfully inspect the traffic.

Basic configuration

In this example, videos are blocked where the description contains the keyword, API. For information about configuring video filter keyword lists, see Example configuration.

To configure the video filter profile in the GUI:

  1. Configure the video filter profile:

    1. Go to Security Profiles > Video Filter, select the Video Filter Profile tab, and click Create new.

    2. Enter a name (test-description-filter).

    3. In the Filters table, click Create new.

    4. Configure the filter with the following settings:

      1. Set the Type to Description.

      2. Set the Action to Block.

      3. Set the Keyword to test-keyword-match-all.

      4. Click OK.

    5. Click OK to save the video filter profile.

  2. Apply the video filter in a firewall policy.

To configure the video filter profile in the CLI:

  1. Configure the video filter profile:

    config videofilter profile
    edit "test-description-filter"
        config filters
            edit 1
                set type description
                set keyword 2
                set action block
                set log enable
            next
        end
    next
end

  2. Apply the video filter in a firewall policy.

Verifying the configuration

From a client, search for a video in YouTube named "Postman Tutorial #7 - HTTP Methods GET and POST in Postman". The description contains the text, "POSTMAN TUTORIAL - Complete API Testing and API Test Automation Course using Postman Tool...", so the video is blocked.

Sample log:
4: date=2023-11-24 time=16:08:51 eventtime=1700870931146681788 tz="-0800" logid="0351013728" type="utm" subtype="webfilter" eventtype="unknown" level="warning" vd="vdom1" msg="Video description is blocked." policyid=1 poluuid="090ca600-83e4-51ee-158a-a920fcf8f892" sessionid=100211 srcip=10.1.100.141 dstip=142.250.69.206 srcport=24948 dstport=443 srcintf="port2" srcintfrole="undefined" dstintf="port1" dstintfrole="undefined" proto=6 httpmethod="GET" service="HTTPS" action="blocked" videoinfosource="API" profile="test-description-filter" videoid="pUGmhtqVJRk" videodesc="Get all my courses for USD 5.99/Month - https://bit.ly/all-c..." hostname="www.youtube.com" agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KH" url="https://www.youtube.com/watch?v=pUGmhtqVJRk"
Previous
Next

Filtering based on description

Video filtering can be configured to filter using keyword-based filters for video descriptions. When a video’s description matches the configured keyword, the video filter will take the corresponding action of allow, monitor, or block. The description filter supports the first 100 characters of the video description. Video filtering is only supported in proxy-based inspection mode, and deep inspection must be enabled in the firewall policy.

The YouTube API key must be configured to use this feature. Otherwise, the description filter will not retrieve the video information and bypass the traffic. See YouTube API key for more information.

Note

It is recommended to block the QUIC protocol in application control profiles while applying video filter profiles (see Blocking QUIC manually). By default, FortiOS can only inspect QUIC traffic in HTTP3 in flow mode, and video filtering only operates in proxy mode. By explicitly blocking QUIC in application control, video traffic utilizing the QUIC protocol on UDP/443 will revert to TCP/443 without QUIC, allowing the FortiGate to successfully inspect the traffic.

Basic configuration

In this example, videos are blocked where the description contains the keyword, API. For information about configuring video filter keyword lists, see Example configuration.

To configure the video filter profile in the GUI:

  1. Configure the video filter profile:

    1. Go to Security Profiles > Video Filter, select the Video Filter Profile tab, and click Create new.

    2. Enter a name (test-description-filter).

    3. In the Filters table, click Create new.

    4. Configure the filter with the following settings:

      1. Set the Type to Description.

      2. Set the Action to Block.

      3. Set the Keyword to test-keyword-match-all.

      4. Click OK.

    5. Click OK to save the video filter profile.

  2. Apply the video filter in a firewall policy.

To configure the video filter profile in the CLI:

  1. Configure the video filter profile:

    config videofilter profile
    edit "test-description-filter"
        config filters
            edit 1
                set type description
                set keyword 2
                set action block
                set log enable
            next
        end
    next
end

  2. Apply the video filter in a firewall policy.

Verifying the configuration

From a client, search for a video in YouTube named "Postman Tutorial #7 - HTTP Methods GET and POST in Postman". The description contains the text, "POSTMAN TUTORIAL - Complete API Testing and API Test Automation Course using Postman Tool...", so the video is blocked.

Sample log:
4: date=2023-11-24 time=16:08:51 eventtime=1700870931146681788 tz="-0800" logid="0351013728" type="utm" subtype="webfilter" eventtype="unknown" level="warning" vd="vdom1" msg="Video description is blocked." policyid=1 poluuid="090ca600-83e4-51ee-158a-a920fcf8f892" sessionid=100211 srcip=10.1.100.141 dstip=142.250.69.206 srcport=24948 dstport=443 srcintf="port2" srcintfrole="undefined" dstintf="port1" dstintfrole="undefined" proto=6 httpmethod="GET" service="HTTPS" action="blocked" videoinfosource="API" profile="test-description-filter" videoid="pUGmhtqVJRk" videodesc="Get all my courses for USD 5.99/Month - https://bit.ly/all-c..." hostname="www.youtube.com" agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KH" url="https://www.youtube.com/watch?v=pUGmhtqVJRk"
Previous
Next