cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5053
Views
5
Helpful
11
Replies

ASA With FirePower can't block Facebook videos

ricardo_puga
Level 1
Level 1

i do a rule for block facebook video in the window de application control and with action of block with reset but when i open facebook continue showing the videos, the version of sensor3d is the 6.2

how can block the videos the facebook?

Best Regards

Ricardo Puga

11 Replies 11

Marvin Rhoads
Hall of Fame
Hall of Fame

Since Facebook video (and other Facebook micro apps) is delivered via https, you need a decryption policy to open the full URI for AVC to be effective with Facebook and other similar sites/applications.

A decryption policy requires the IPS to be a "man in the middle" and it must therefore have a certificate that is trusted by all of your end users - i.e., via establishment of an enterprise PKI.

Hi Marvin


Thanks for the answer, tomorrow in an webex i will do the configuration

regards

Ricardo Puga

Hello Ricardo,

Refer the following link to configure the SSL policy .

http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/200202-Configuration-of-an-SSL-Inspection-Polic.html

Also you have to  disable the http2 traffic from the site since we have some issues with that .

Regards

Jetsy 

Ihave the same problem. Can you solve the Issue?

hi, today i was do the configuration the policies SSL with an certificate self signed for the Firepower but don't works

i do a policy SSL with decrypt resign and in the application was put : facebook video and facebook, when opened the chrome shows the certificate self signed this is correct, but not block the facebook videos

after i do other policy SSL for what facebook videos with the action: block with reset and one policy SSL for facebook aplication with action: Decrypt Resign, but not blocked it


the last try were do a policy of application control with the application : facebook comment, like, video but all not working

i attach the images of the configuration

Try using the SSL Policy with the Decrypt and Resign only as you have shown in your one example.

Then reference that SSL Policy in your Access Control Policy (ACP). It's in the ACP where you should have a rule to Block with Reset. 

Something like this:

Hi Marvin 

i did a policy SSL that Decrypt and Resign the application Facebook and in the ACP, i did an rule that block and reset the application Facebook Video, but not works

i attach images of the rules and logs of the connections

i hope that i yelpme

Regards

The way you have it now should be correct to my understanding.

Is it possible to open a TAC case to look at it in real time?

Hi Marvin,

Regarding this matter, is it possible to block any video posted in your FB wall using this FB micro app? or should it be possible only with videos sourced from FB?

Thanks in advanced

Hi Marvin, Thank you in advance for your expert guidance. It is always helpful. Florida has passed HB379, which prohibits students in k-12 from accessing social media on school networks. The issue is blocking social media apps on personally owned-mobile devices. I have an ACP rule blocking social media apps, but traffic still flows from that source. So I want to confirm that to block access to Facebook from devices using the mobile app, I need a decryption policy, then the app blocking feature will function. Is this correct? Also, will a SSL inspection / decryption create performance degredation ? I am using a pair of  FTD 4125 in HA config.