I would like to discuss about blocking FB chat, post and comment with firepower 6.0. In our LAB, we can block FB application from app filtering features but we can't block FB chat, post or other messenger app. Now, we are also using SSL inspection policy but we can't block those app. How can we do to block those app ? Thanks in advance.
You should be able to block these using an Access Control Policy.
When you search for Applications as a condition, you will see the three that you need " Facebook Chat", "Facebook Comment" and "Facebook post". Here is the screenshot showing the same:
You can use this as a condition and block the required traffic in the rule. Make sure you deploy after making the changes so that it is pushed to the sensor.
Rate if it helps !
i have the same issue, im using v184.108.40.206
if i try allow only skype it wont work because it needs HTTPS, if i add HTTPS to allowed list, it will allow youtube and many other apps that works with HTTPS....
Good day everyone!
Steps to let´s work with these features:
1.- Create the certificate and download to your PC and added in to "Trusted Root Certification Authorities", if you use firefox you can add the certificate or configure firefox to use the trusted store of the computer. For this last, open firefox and go to "about:config", accept the warning and in the search type "security.enterprise_roots". You will se the file "false" or "not true", double click on it to become "true" or "active". This will use the computer's certificates.
2.- Create your SSL policy do Decrypt, and your ACP to block comments, likes, etc.
3.- If it does not work, use the next commands in the clish:
And in expert:
When you apply this commands will cause an outage for 1 minute, be aware. This is all you need.
Sometimes it seems that you are allowed to give like or send messages, but it is not.
To check that, use two users and try to comment or send messages between them to prove that.
Thank you for this post, it seems to work for some applications but not for all without an SSL policy to decrypt traffic.