2345 Views | 1 Helpful | 5 Replies

Block Facebook messages, videos, images, likes, comments

ZiedN
Level 1

Hi Guys,

I am running FTD on ASA 5516-X version 6.2.2.1 managed by FMC version 6.2.2.1.

I need to block only facebook chat, facebook videos, facebook images, facebook likes and comments without blocking the access to facebook.

I have added an Internal CA which I installed on the PC. Then, I added an SSL policy with decrypt and resign action for the facebook application.

[Attached screenshot: 2018-03-04 21_28_47-Cisco Firepower Management Center for VMWare 6.2.2.1 Build 73 (FMC.nsit-labs.loc.png]

Then, in the access policy, I added the SSL policy and I added a rule with block facebook message.

[Attached screenshot: 2018-03-04 21_33_10-Cisco Firepower Management Center for VMWare 6.2.2.1 Build 73 (FMC.nsit-labs.loc.png]

Did I miss anything in my configuration?

Regards,

Zied

Accepted Solution

Ruben De La Vega
Cisco Employee

Good day everyone!

Steps to make these features work:

1.- Create the certificate, download it to your PC and add it to "Trusted Root Certification Authorities". If you use Firefox, you can add the certificate or configure Firefox to use the trusted store of the computer. For the latter, open Firefox and go to "about:config", accept the warning and in the search type "security.enterprise_roots". You will see the value "false" or "not true"; double click on it so it becomes "true" or "active". This will use the computer's certificates.

2.- Create your SSL policy to Decrypt, and your ACP to block comments, likes, etc.

3.- If it does not work, use the following commands in the clish:

  • system support ssl-client-hello-tuning extensions_remove 16,13172
  • system support pmtool restartbytype DetectionEngine

And in expert:

  • pmtool restartbytype snort

Be aware that applying these commands will cause an outage for 1 minute. This is all you need.

Sometimes it seems that you are allowed to give a like or send messages, but it is not so.
To check that, use two users and try to comment or send messages between them to prove it.

Regards!!

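An added client-side check, not from this thread or any Cisco tool, for confirming that the decrypt-and-resign policy is actually in effect before chasing the access rule: if the leaf certificate presented for facebook.com is issued by the internal CA, the SSL rule matched; if the public CA is still the issuer, the SSL rule did not match (as Yogesh suggests) and the access rule cannot see the application; a verification error means the internal CA was never trusted on the client (step 1). The CA common name, the sample certificate dicts and the probed hostname are assumptions.

```python
"""Check from the client whether TLS to a host is decrypted and re-signed by
the FTD, i.e. whether the leaf certificate is issued by the internal CA."""
import socket
import ssl

# Assumption: common name of the internal CA uploaded to the FMC SSL policy.
INTERNAL_CA_CN = "Internal-CA"

# Constructed samples in the shape returned by ssl.SSLSocket.getpeercert():
# a name is a tuple of RDNs, each RDN a tuple of (attribute, value) pairs.
SAMPLE_RESIGNED = {
    "subject": ((("commonName", "*.facebook.com"),),),
    "issuer": ((("commonName", "Internal-CA"),),),
}
SAMPLE_PASSTHROUGH = {
    "subject": ((("commonName", "*.facebook.com"),),),
    "issuer": ((("countryName", "US"),), (("organizationName", "Example Public CA"),),
               (("commonName", "Example Public CA G2"),)),
}


def rdn_value(name, attr):
    """Return the first value of `attr` in an X.509 name tuple, or None."""
    for rdn in name:
        for key, value in rdn:
            if key == attr:
                return value
    return None


def classify_cert(cert, internal_ca_cn=INTERNAL_CA_CN):
    """'resigned' if the issuer CN is our internal CA (SSL rule matched and
    decrypt-resign happened), otherwise 'passthrough' (SSL rule did not match)."""
    issuer_cn = rdn_value(cert.get("issuer", ()), "commonName")
    return "resigned" if issuer_cn == internal_ca_cn else "passthrough"


def check_host(host, port=443, timeout=5.0):
    """Handshake using the system trust store and classify the leaf certificate.
    'untrusted' means the resigning CA is not in the client's trust store."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return classify_cert(tls.getpeercert())
    except ssl.SSLCertVerificationError:
        return "untrusted"


if __name__ == "__main__":
    print("sample resigned:", classify_cert(SAMPLE_RESIGNED))        # resigned
    print("sample passthrough:", classify_cert(SAMPLE_PASSTHROUGH))  # passthrough
    print("www.facebook.com:", check_host("www.facebook.com"))       # live probe
```

Run it from the PC that sits behind the FTD; repeat for each host the site's chat, video and image features load from, since the SSL rule is evaluated per connection.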

5 Replies

yogdhanu
Cisco Employee

Hi Zied,

Try creating an SSL policy rule without any application object. Sometimes, if the SSL policy isn't able to identify the traffic with an application, the SSL rule would not match, which would cause the access rule not to match.

You can try it for single source IP without any other application filter.

Hope it helps.

Yogesh

Hi Yogesh,

It is still the same problem.

If you look for allowed access to these, which "Access Control Rule" allows the access? I have run into similar issues, only to find out that one of the rules above was the culprit.

Hi Zied,

Working on a similar case. Apart from "like", I am able to see the other categories blocked on 6.2.3, the latest version available.

Regards,

Anubhav

