07-31-2016 08:52 PM - edited 03-12-2019 06:05 AM
Hi,
I would like to discuss blocking FB chat, post and comment with Firepower 6.0. In our lab, we can block the FB application with the app filtering feature, but we can't block FB chat, post or other messenger apps. Now, we are also using an SSL inspection policy, but we can't block those apps. What can we do to block those apps? Thanks in advance.
07-31-2016 10:51 PM
Hello Team,
If this is a new installation, please start the device on the latest version.
Using the application filter in the Access Control policy rules, you can choose the Facebook filters available, choose the action Block with reset, and save the changes. Please refer to the Facebook filter options available.
Please redeploy the policies and you can see it gets blocked. Make sure that there are no other conflicting rules, and verify the position of the rules. Don't put a URL and an application filter in the same rule.
Rate and mark correct if the post helps you
Regards
Jetsy
08-01-2016 11:09 PM
Hi all,
Many thanks. Now, I have tested with your guide. But my firewall still allows those apps.
- I configured an SSL inspection policy (Decrypt-Resign), then an access policy with an application filter (block with reset).
- Then, I faced one problem: a certificate error for some websites (Facebook, Yahoo, etc.) as below. But I can browse to https://cisco.com, https://ine.com and some other websites.
So, I imported the certificate into the trusted authorities in Firefox. Then, I could solve the certificate error. But I cannot block FB chat, post and comment.
What more configuration do I need to do to block FB chat, post, comment or other apps? Thanks.
08-07-2016 09:50 PM
Hi Everyone,
How about this issue?
08-24-2016 05:14 PM
Yeah I still can't get it working either
09-21-2016 12:27 PM
I am unable to get this to work either. The only one I can get to work is Facebook games. Chat and comment are still allowed even though they are checked to be blocked with reset.
09-23-2016 03:09 AM
To get this working, simply upgrade to version 6.1 and implement again.
Version 6 is full of bugs and should never have been released.
09-23-2016 06:39 AM
I will second the version part of it.
I am using 6.1.0-330 and all is working as expected. With no SSL policy I am able to block social media sites, including Twitter over HTTPS, using URL filtering, and for Facebook I have app rules and it's working.
11-04-2016 12:52 AM
Hi All,
I think we should open a TAC case because we can't block some apps (FB chat, bandwidth shaping, Ultrasurf, etc.) with the lowest version. If we want to block something, Cisco recommends that you upgrade to the newest version. Now, Cisco is changing the whole ASA to FTD (Firepower Threat Defense). With FTD, we hope this OS will cover blocking those apps. Currently, we can't easily block those apps without TAC.
11-08-2016 01:37 PM
I am having the same issue - I can block Facebook, but not games, chat, etc.
12-01-2016 05:03 AM
Same issue here with Firepower 6.1.0. Decryption is working fine, but the device is unable to recognize the micro apps; in the connection events it only appears as Facebook. Tested with Facebook images, video, games, likes and chat; none of them are detected.
09-15-2016 10:43 AM
You don't want to block Facebook, you just want to block chat / post and comment? Correct?
09-17-2016 12:53 AM
Yes, this is correct