03-04-2018 12:37 PM
Hi Guys,
I am running FTD on ASA 5516-X version 6.2.2.1 managed by FMC version 6.2.2.1.
I need to block only Facebook chat, Facebook videos, Facebook images, Facebook likes and comments without blocking access to Facebook.
I have added an Internal CA which I installed on the PC. Then, I added an SSL policy with decrypt and resign action for the Facebook application.
Then, in the access policy, I added the SSL policy and I added a rule with block Facebook message.
Did I miss anything in my configuration?
Regards,
Zied
10-19-2018 07:25 AM
Good day everyone!
Steps to get these features working:
1.- Create the certificate, download it to your PC and add it to "Trusted Root Certification Authorities". If you use Firefox, you can add the certificate or configure Firefox to use the trusted store of the computer. For the latter, open Firefox and go to "about:config", accept the warning and type "security.enterprise_roots" in the search. You will see the file "false" or "not true"; double-click on it to make it "true" or "active". This will use the computer's certificates.
2.- Create your SSL policy to decrypt, and your ACP to block comments, likes, etc.
3.- If it does not work, use the following commands in the clish:
And in expert:
Be aware that applying these commands will cause an outage for 1 minute. This is all you need.
Sometimes it seems that you are allowed to give a like or send messages, but you are not.
To check that, use two users and try to comment or send messages between them to prove that.
Regards!!
03-15-2018 01:13 PM
Hi Zied,
Try creating an SSL policy rule without any application object. Sometimes, if SSL isn't able to identify the traffic with the application, the (SSL) rule would not match, which would cause the access rule not to match.
You can try it for a single source IP without any other application filter.
Hope it helps.
Yogesh
04-07-2018 12:22 PM
Hi Yogesh,
It is still the same problem.
04-09-2018 08:10 AM
If you look for allowed access to these, which "Access Control Rule" allows the access? I have run into similar issues, only to find out that one of the rules above was the culprit.
04-09-2018 09:07 AM
Hi Zied,
Working on a similar case. Apart from "like", I am able to see the other categories blocked on 6.2.3, the latest version available.
Regards,
Anubhav