
Facebook Chat, post, comment block with Firepower 6.0

linlinoo
Level 1

Hi,

I would like to discuss blocking FB chat, post and comment with Firepower 6.0. In our lab, we can block the FB application with the app filtering features, but we can't block FB chat, post or other messenger apps. We are now also using an SSL inspection policy, but we can't block those apps. How can we block those apps? Thanks in advance.


Pujita Patni
Cisco Employee

Hi,

You should be able to block these using an Access Control Policy.

When you search for Applications as a condition, you will see the three that you need: "Facebook Chat", "Facebook Comment" and "Facebook post". Here is the screenshot showing the same:

You can use this as a condition and block the required traffic in the rule. Make sure you deploy after making the changes so that it is pushed to the sensor.

Thanks,

Pujita

Rate if it helps!

Ahmed Ismail
Level 1

Are you able to block these applications? I think the problem is that FMC sees all Facebook apps as Facebook. Look at the attachment.

hacizeynal
Level 1

Hi, I am using version 6.2 and I am still unable to block Facebook Chat or Comment. Firepower is full of bugs!!

Samer R. Saleem
Level 4

I have the same issue, I'm using v6.2.0.2.

If I try to allow only Skype it won't work because it needs HTTPS. If I add HTTPS to the allowed list, it will allow YouTube and many other apps that work with HTTPS....

Seems you guys are hitting bug CSCvh91548. I have a similar case open with Cisco.

 

Ruben De La Vega
Cisco Employee

 Good day everyone!

 

Steps to get these features working:

1.- Create the certificate, download it to your PC and add it to "Trusted Root Certification Authorities". If you use Firefox, you can add the certificate or configure Firefox to use the trusted store of the computer. For the latter, open Firefox and go to "about:config", accept the warning and in the search type "security.enterprise_roots". You will see it set to "false" or "not true"; double-click on it so that it becomes "true" or "active". This will use the computer's certificates.

2.- Create your SSL policy to Decrypt, and your ACP to block comments, likes, etc.

3.- If it does not work, use the following commands in the clish:

 

  • system support ssl-client-hello-tuning extensions_remove 16,13172
  • system support pmtool restartbytype DetectionEngine

And in expert:

  • pmtool restartbytype snort

Be aware that applying these commands will cause an outage for 1 minute. This is all you need.

Sometimes it seems that you are allowed to like or send messages, but you are not.
To check that, use two users and try to comment or send messages between them.

 

Regards!!

 

Hello Ruben,

 

Thank you for this post, it seems to work for some applications but not for all without an SSL policy to decrypt traffic.

 

I'm using Firepower 6.4.0 but still can't block chat, games, and messages on Facebook.
I think Firepower is full of bugs.
