Fortinet black logo

Administration Guide

Video filter

The video filter profile can be used to filter YouTube videos based on several criteria, including: FortiGuard categories, video titles, video descriptions, and channel IDs. These criteria provide a more granular override of a single channel, user, or video. The video filter profile is currently supported in proxy-based policies and requires SSL deep inspection. The FortiGuard Video filtering service is based on a valid FortiGuard web filter license.

Note

It is recommended to block the QUIC protocol in application control profiles while applying video filter profiles (see Blocking QUIC manually). By default, FortiOS can only inspect QUIC traffic in HTTP3 in flow mode, and video filtering only operates in proxy mode. By explicitly blocking QUIC in application control, video traffic utilizing the QUIC protocol on UDP/443 will revert to TCP/443 without QUIC, allowing the FortiGate to successfully inspect the traffic.

Configuring a video filter profile

In the GUI (Security Profiles > Video Filter > Video Filter Profile), four types of filters can be created on the New Video Filter Profile page: Category, Title, Description, and Channel.

When adding a Category type filter, the various FortiGuard categories, including Any, can be set to allow, monitor, or block videos in those categories. See Filtering based on FortiGuard categories for a detailed example and explanation of how the WAD daemon inspects videos.

The Title and Description type filters can be used to filter video based on keywords. See Configuring a video filter keyword list for more information. When a video’s title or description matches a defined keyword, the video filter will take the corresponding action of allow, monitor, or block. See Filtering based on title and Filtering based on description for detailed examples.

The Channel type filter can be used to filter all or specific YouTube channels. When a video matches a YouTube channel, the video filter will take the corresponding action of allow, monitor, or block. See Filtering based on YouTube channel for a detailed example.

Users can prioritize configured filters within the video filter profiles based on their sequence order. To change the sequence order, drag the selected filter to the desired position. An implicit rule within the video filter profile is set to Allow. If a video does not match any of the other filters, it will be subject to this implicit rule and allowed to pass through.

To configure a video filter profile:
config videofilter profile
    edit <name>
        config filters
            edit <id>
                set type {category* | channel | title | description}
                set log {enable* | disable}
                set action {allow | block | monitor*}
            next
        end
    next
end

The default values are marked with an asterisk (*).

YouTube API key

The YouTube API key is required when filtering by a:

  • YouTube video title
  • YouTube video description
  • YouTube channel in conjunction with filtering based on FortiGuard categories
To configure the YouTube API key in the GUI:
  1. Go to Security Profiles > Video Filter and select the Video Filter Settings tab.

  2. Click the + to add an API key.

  3. Click OK.

To configure the YouTube API key in the CLI:
config videofilter youtube-key
    edit <id>
        set key <string>
    next
end

The video filter profile can be used to filter YouTube videos based on several criteria, including: FortiGuard categories, video titles, video descriptions, and channel IDs. These criteria provide a more granular override of a single channel, user, or video. The video filter profile is currently supported in proxy-based policies and requires SSL deep inspection. The FortiGuard Video filtering service is based on a valid FortiGuard web filter license.

Note

It is recommended to block the QUIC protocol in application control profiles while applying video filter profiles (see Blocking QUIC manually). By default, FortiOS can only inspect QUIC traffic in HTTP3 in flow mode, and video filtering only operates in proxy mode. By explicitly blocking QUIC in application control, video traffic utilizing the QUIC protocol on UDP/443 will revert to TCP/443 without QUIC, allowing the FortiGate to successfully inspect the traffic.

Configuring a video filter profile

In the GUI (Security Profiles > Video Filter > Video Filter Profile), four types of filters can be created on the New Video Filter Profile page: Category, Title, Description, and Channel.

When adding a Category type filter, the various FortiGuard categories, including Any, can be set to allow, monitor, or block videos in those categories. See Filtering based on FortiGuard categories for a detailed example and explanation of how the WAD daemon inspects videos.

The Title and Description type filters can be used to filter video based on keywords. See Configuring a video filter keyword list for more information. When a video’s title or description matches a defined keyword, the video filter will take the corresponding action of allow, monitor, or block. See Filtering based on title and Filtering based on description for detailed examples.

The Channel type filter can be used to filter all or specific YouTube channels. When a video matches a YouTube channel, the video filter will take the corresponding action of allow, monitor, or block. See Filtering based on YouTube channel for a detailed example.

Users can prioritize configured filters within the video filter profiles based on their sequence order. To change the sequence order, drag the selected filter to the desired position. An implicit rule within the video filter profile is set to Allow. If a video does not match any of the other filters, it will be subject to this implicit rule and allowed to pass through.

To configure a video filter profile:
config videofilter profile
    edit <name>
        config filters
            edit <id>
                set type {category* | channel | title | description}
                set log {enable* | disable}
                set action {allow | block | monitor*}
            next
        end
    next
end

The default values are marked with an asterisk (*).

YouTube API key

The YouTube API key is required when filtering by a:

  • YouTube video title
  • YouTube video description
  • YouTube channel in conjunction with filtering based on FortiGuard categories
To configure the YouTube API key in the GUI:
  1. Go to Security Profiles > Video Filter and select the Video Filter Settings tab.

  2. Click the + to add an API key.

  3. Click OK.

To configure the YouTube API key in the CLI:
config videofilter youtube-key
    edit <id>
        set key <string>
    next
end