Fortinet black logo

Administration Guide

Filtering based on title

Filtering based on title

Video filtering can be configured to filter using keyword-based filters for video titles. When a video’s title matches the configured keyword, the video filter will take the corresponding action of allow, monitor, or block. Video filtering is only supported in proxy-based inspection mode, and deep inspection must be enabled in the firewall policy.

The YouTube API key must be configured to use this feature. Otherwise, the title filter will not retrieve the video information and bypass the traffic. See YouTube API key for more information.

Note

It is recommended to block the QUIC protocol in application control profiles while applying video filter profiles (see Blocking QUIC manually). By default, FortiOS can only inspect QUIC traffic in HTTP3 in flow mode, and video filtering only operates in proxy mode. By explicitly blocking QUIC in application control, video traffic utilizing the QUIC protocol on UDP/443 will revert to TCP/443 without QUIC, allowing the FortiGate to successfully inspect the traffic.

Basic configuration

In this example, videos are blocked that contain the keyword, game. For information about configuring video filter keyword lists, see Example configuration.

To configure the video filter profile in the GUI:
  1. Configure the video filter profile:

    1. Go to Security Profiles > Video Filter, select the Video Filter Profile tab, and click Create new.

    2. Enter a name (title-filter-profile).

    3. In the Filters table, click Create new.

    4. Configure the filter with the following settings:

      1. Set the Type to Title.

      2. Set the Action to Block.

      3. Set the Keyword to test-keyword-match-or.

      4. Click OK.

    5. Click OK to save the video filter profile.

  2. Apply the video filter in a firewall policy.

To configure the video filter profile in the CLI:
  1. Configure the video filter profile:

    config videofilter profile
        edit "title-filter-profile"
            config filters
                edit 1
                    set type title
                    set keyword 1
                    set action block
                    set log enable
                next
            end
        next
    end
  2. Apply the video filter in a firewall policy.

Verifying the configuration

From a client, search for a video in YouTube named "How To Use Python Steam API || Steam game API python". The video is blocked.

Sample log:
6: date=2023-11-24 time=09:51:30 eventtime=1700848289598975941 tz="-0800" logid="0350013712" type="utm" subtype="webfilter" eventtype="unknown" level="warning" vd="vdom1" msg="Video title is blocked." policyid=1 poluuid="19841eb8-841c-51ee-7047-6a6860eb3522" sessionid=384813810 srcip=10.1.100.141 dstip=142.251.33.110 srcport=21473 dstport=443 srcintf="port2" srcintfrole="undefined" dstintf="port1" dstintfrole="undefined" proto=6 httpmethod="GET" service="HTTPS" action="blocked" videoinfosource="API" profile="title-filter-profile" videoid="LaRHkSVvDjI" videotitle="How To Use Python Steam API  || Steam game API python" hostname="www.youtube.com" agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KH" url="https://www.youtube.com/watch?v=LaRHkSVvDjI"

Filtering based on title

Video filtering can be configured to filter using keyword-based filters for video titles. When a video’s title matches the configured keyword, the video filter will take the corresponding action of allow, monitor, or block. Video filtering is only supported in proxy-based inspection mode, and deep inspection must be enabled in the firewall policy.

The YouTube API key must be configured to use this feature. Otherwise, the title filter will not retrieve the video information and bypass the traffic. See YouTube API key for more information.

Note

It is recommended to block the QUIC protocol in application control profiles while applying video filter profiles (see Blocking QUIC manually). By default, FortiOS can only inspect QUIC traffic in HTTP3 in flow mode, and video filtering only operates in proxy mode. By explicitly blocking QUIC in application control, video traffic utilizing the QUIC protocol on UDP/443 will revert to TCP/443 without QUIC, allowing the FortiGate to successfully inspect the traffic.

Basic configuration

In this example, videos are blocked that contain the keyword, game. For information about configuring video filter keyword lists, see Example configuration.

To configure the video filter profile in the GUI:
  1. Configure the video filter profile:

    1. Go to Security Profiles > Video Filter, select the Video Filter Profile tab, and click Create new.

    2. Enter a name (title-filter-profile).

    3. In the Filters table, click Create new.

    4. Configure the filter with the following settings:

      1. Set the Type to Title.

      2. Set the Action to Block.

      3. Set the Keyword to test-keyword-match-or.

      4. Click OK.

    5. Click OK to save the video filter profile.

  2. Apply the video filter in a firewall policy.

To configure the video filter profile in the CLI:
  1. Configure the video filter profile:

    config videofilter profile
        edit "title-filter-profile"
            config filters
                edit 1
                    set type title
                    set keyword 1
                    set action block
                    set log enable
                next
            end
        next
    end
  2. Apply the video filter in a firewall policy.

Verifying the configuration

From a client, search for a video in YouTube named "How To Use Python Steam API || Steam game API python". The video is blocked.

Sample log:
6: date=2023-11-24 time=09:51:30 eventtime=1700848289598975941 tz="-0800" logid="0350013712" type="utm" subtype="webfilter" eventtype="unknown" level="warning" vd="vdom1" msg="Video title is blocked." policyid=1 poluuid="19841eb8-841c-51ee-7047-6a6860eb3522" sessionid=384813810 srcip=10.1.100.141 dstip=142.251.33.110 srcport=21473 dstport=443 srcintf="port2" srcintfrole="undefined" dstintf="port1" dstintfrole="undefined" proto=6 httpmethod="GET" service="HTTPS" action="blocked" videoinfosource="API" profile="title-filter-profile" videoid="LaRHkSVvDjI" videotitle="How To Use Python Steam API  || Steam game API python" hostname="www.youtube.com" agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KH" url="https://www.youtube.com/watch?v=LaRHkSVvDjI"