06-05-2013 08:05 AM
Is there a location that we can review to explain what specific log entries are referencing as seen in the examples below in red:
1370444184.475 289 10.245.221.85 TCP_CLIENT_REFRESH_MISS/200 5041 CONNECT tunnel://fbcdn-dragon-a.akamaihd.net:443/ "tsp1dvc@Ldap" DIRECT/fbcdn-dragon-a.akamaihd.net - DEFAULT_CASE_11-Security_Access-Security_Access-NONE-NONE-NONE-DefaultGroup <IW_infr,4.0,"1","-",-,-,-,"-","-",-,-,-,"-","-",-,"-","-",-,-,IW_infr,-,"-","-","Facebook General","Facebook","Encrypted","-",139.54,0,-,"-","-"> -
1370444246.826 60622 10.245.221.85 TCP_CLIENT_REFRESH_MISS/200 93164 CONNECT tunnel://www.facebook.com:443/ "tsp1dvc@Ldap" DIRECT/www.facebook.com - DEFAULT_CASE_11-Security_Access-Security_Access-NONE-NONE-NONE-DefaultGroup <IW_snet,7.0,"1","-",-,-,-,"-","-",-,-,-,"-","-",-,"-","-",-,-,IW_snet,-,"-","-","Facebook General","Facebook","Encrypted","-",12.29,0,-,"-","-"> -
I am trying to troubleshoot a specfic configuration change and I am gaining access based on these entries, I am trying to block this access. Any help is appreciated.
Thanks
Dominick
06-05-2013 08:40 AM
Those are categories.
infr = infrastructure
snet=social networking
Not sure what version you're on, but if you're running 7.5 or higher, you can enable Application Visibility and Control on Security Services/Acceptable Use Controls, and then under Web Security Manager/Access Policies change what your users can do under Applications. This includes specific Facebook features.
Looking at your snips, you don't want to block Infrastructure as lots of sites use Akamai... and you may not want to just block Social Media...
You could create a custom category and block Facebook.com (there are a couple of other domains too... search this forum) but you may like the flexiblity that the AVC gives you instead.
Ken
06-05-2013 08:47 AM
Ken,
Thanks for the information, I was thinking that but not sure. As for the policies I have 3 different policies already for different types of access to social networking. I was requested to create another policy that will work around these other 3 to allow only access to facebook to certain individuals. I keep tripping up on all the different policies that managment is requesting.
Dominick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide