Summary:
Objective: allow users to access Facebook, but not Facebook chat.
Before making any changes, I was able to use the Facebook chat feature:

Service:
- Layer 4 only

vs.

App-ID:
- Includes layer 4 (the traditional stateful firewall)
- Includes signatures (the traditional IDS/IPS)
- Decoders: inspect the payload, including tunneled traffic
- SSL outbound decryption: acts like a MITM
- Granular application control: allow facebook-base but block facebook-chat
- Pay attention to dependencies and implied applications
- Now I am only allowing facebook-base, so facebook-chat should be blocked by the firewall.

  Note: facebook-base has no dependency that must be added to the rule; it implicitly uses ssl and web-browsing. However, do not forget to add dns for this traffic to work.

- Update policy:

- Traffic logs indicate that facebook-chat was blocked by the clean-up rule. Note, I created a clean-up rule at the bottom of the policy for logging purposes.

- Now let's re-enable facebook-chat. Note, facebook-chat depends on facebook-base (already in place) and mqtt (this application needs to be added). It also implicitly uses jabber and web-browsing.

- Update policy:

- Re-test: now I am good again.
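To make the dependency point concrete, here is an added example (not part of the original notes, not PAN-OS code) that models the two policies above: a rule's applications plus their implicit applications form what the rule really permits, while explicit dependencies such as mqtt must be listed in the rule or the traffic falls through to the clean-up rule. The dependency data is a constructed subset matching the notes, not a real App-ID database.

```python
from dataclasses import dataclass, field

# Constructed App-ID dependency data, limited to what the lab notes state.
# "explicit" dependencies must themselves be listed in the rule;
# "implicit" ones are permitted automatically once the parent app is allowed.
@dataclass(frozen=True)
class AppDeps:
    explicit: frozenset = field(default_factory=frozenset)
    implicit: frozenset = field(default_factory=frozenset)

APP_DEPS = {
    "facebook-base": AppDeps(implicit=frozenset({"ssl", "web-browsing"})),
    "facebook-chat": AppDeps(
        explicit=frozenset({"facebook-base", "mqtt"}),
        implicit=frozenset({"jabber", "web-browsing"}),
    ),
    "mqtt": AppDeps(),
    "dns": AppDeps(),
}

def effective_allowed(rule_apps):
    """Everything a rule really permits: listed apps plus their implicit apps."""
    allowed = set(rule_apps)
    for app in rule_apps:
        allowed |= APP_DEPS.get(app, AppDeps()).implicit
    return allowed

def missing_explicit_deps(rule_apps, app):
    """Explicit dependencies of `app` (recursively) that the rule forgot to list."""
    missing, seen = set(), set()
    def walk(a):
        if a in seen:
            return
        seen.add(a)
        for dep in APP_DEPS.get(a, AppDeps()).explicit:
            if dep not in rule_apps:
                missing.add(dep)
            walk(dep)
    walk(app)
    return missing

def evaluate(rules, app):
    """First-match evaluation; anything unmatched hits the clean-up deny rule."""
    for name, rule_apps in rules:
        if app in effective_allowed(rule_apps):
            return name
    return "cleanup-deny"

# The two policies from the notes: first facebook-base only, then chat re-enabled.
RULES_BLOCK_CHAT = [("allow-facebook", {"facebook-base", "dns"})]
RULES_ALLOW_CHAT = [("allow-facebook", {"facebook-base", "facebook-chat", "mqtt", "dns"})]
```

Running `missing_explicit_deps({"facebook-base", "facebook-chat"}, "facebook-chat")` shows the mqtt gap that would otherwise only appear in the traffic log as a clean-up rule hit.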
