Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
yathu
New Contributor

Block youtube on mobile phones

How can i block youtube on mobile phones

 

7 REPLIES 7
Sunil_Panchal_NSE7
New Contributor III

Dear friend ,

 

        you can use application control to block you tube application on mobiles phones.

web block for using web pages.

yathu

Bro

In Application Control not listed to block Youtube application on Mobile,

If you found pls tell me

Sunil_Panchal_NSE7

dear friend ,

                   Application control on fortigate is not any ios specific  of system it is based on signature of application of vendor .

if you block application of YouTube from fortigate it will block all connection of you-tube application.

Opening youtube from web is different from going through an application .

 you can block based on application .

 go ahead and test the blocking 

 

a_acampa
New Contributor

Hi, mobile network and laptop network are on the same networks? or you have two different network? If you have two netwroks you have to create two rules and two security web profiles.

 

In one WebFilter profile you have to block you tube access (and assign it to rule that matches mobile pohone traffic) and the other WebProfile is for laptop network, so in it profile you need to allow youtube.

 

Consider that whithout HTTPS inspection these rules and profile are not enough.

 

Regards Adnrea

nitindivekar
New Contributor

1.Create a web filter with streaming video block setting and other required filter settings  2.Create a device policy with Incoming interface "internal" and outgoing interface "wan" with source all/local network and device "Android phone", "Android Tablet"  You can also use application filter to configure this policy 

Timathy
New Contributor

I don't think that's a good choice

naibaho
New Contributor III

Hi yathu,

You can do these:

1. Predefined addresses based on MAC vendor. Then you can apply application control to policy that have source from that addesses. (This only work if your fortigate is endpoint gateway or your fortigate is between gateway and endpoint as layer 2 transparent mode)

eg. ac:61:ea:xx:xx:xx is apple.inc mac device. See, that ac:61:ea block is registered for apple.

Add address based on that address block

config firewall address
    edit "apple.inc"
        set type mac
        set start-mac ac:61:ea:00:00:00
       set end-mac ac:61:ea:ff:ff:ff
    next
end

Ofcourse doing this method requires a lot of effort. There are hundreds mac address block for apple.inc, samsung, htc and others mobile phone vendors.

 

2. Network Access Control (NAC)

Because the first one requires a lot of effort, network vendors sees this as an opportunity.

NAC provides visibility of endpoint device in your network, and identify endpoint devicees automatically for you.

Ofcourse Fortinet have product. You can learn about ini here https://www.fortinet.com/products/network-access-control

 

best regard

best regard
best regard
Labels
Top Kudoed Authors