How to block Facebook games in ASA5520

Jason Cantos · ‎05-29-2013

i have a running ASA5520 with limited protocols allowed but my objective now is blocking all facebook games and still allowing facebook website. anybody can help me with this??

Jouni Forss · ‎05-29-2013

Hi,

Sounds to me like something that you cant do on your ASA alone atleast.

To my understanding the new ASA CX could do this. Allow Facebook itself but still block parts of it like sharing pictures and playing games.

I am still waiting for a new ASA5515-X with ASA-CX so I can get to testing it myself.

Sadly this is naturally not something that its going to help you with your current device.

I am not totally sure what the different ASA modules and external web filtering services are able to do as I have never used them personally.

- Jouni

Jouni Forss · ‎05-29-2013

If you want to take a look at the ASA-CX more closely, here is for example site that lists the things related to Facebook it can control

http://asacx-cisco.com/

- Jouni

Jason Cantos · ‎05-29-2013

my objective is to block all facebook games from my ASA5520 but not the facebook page

Jouni Forss · ‎05-29-2013

Hi,

To my understanding this would be possible with the ASA-CX.

I am not all that sure if its possible on the ASA alone. I imagine at the least you would need some web filtering solution and I am not even sure about that.

You should probably wait for someone from Cisco to answer or open a TAC Case with Cisco if you have the possibility to open one.

- Jouni

Jason Cantos · ‎05-30-2013

ow about blocking of website or domain such as apps.facebook.com because all games is going to this UR apps.facebook.com

Collin Clark · ‎05-30-2013

You can filter by url, but it's not very scalable. I've done it with the cx, but with no cx you're pretty limited. Here's a write-up I did for url filtering.

http://www.packetpros.com/2012/08/url-filter-on-asa.html

Sent from Cisco Technical Support Android App

prashantrecon · ‎05-30-2013

you guys are rights .

this can not achieve only with asa 5520 .

in my organization i am using Cyberoam UTM and it is pretty good.

You can even block chating and still allowing facebook websites

Regards,

Prashant

Jason Cantos · ‎05-31-2013

Yes it can be done in Cyberoam which i used before but with my new company all cisco equipment including firewall hope soon Cisco is going to have same function and easy to manage.

B. BELHADJ · ‎06-01-2013

Hi Jason,

Your need is not the role of ASA 5520. For this you have to use a web filtering system.

Best regards.

Jason Cantos · ‎06-01-2013

Hi Belhadj,

yes i guess but with limited resources i will pobably check linux OS and use one pc in the office for web filtering.

B. BELHADJ · ‎06-02-2013

Please remember to mark the reply as the correct answer!!

a.giorgi · ‎07-30-2013

Hi everybody:

Somebody know any another cisco device to achive this application control, like facebook games, or other application?

I've read about a WLC or ISE, but you need an advanced licence, and this bring to me to another question

May I get this kind of advance license in a tryal mode?

I want to make a demo to show to my clients how to control this kind of activities, but I don't have an ASA CX

Any suggestion?

Thanks in advance

Al