Block Facebook videos

Publication Date: 2018-01-28
Issue Description
The customer tried to block only Facebook videos, while still allowing Facebook login, photos and chat, by using application control in the security policy. However, users could still watch Facebook videos even though SSL decryption was configured properly and the related certificates had been generated.

USG6300 V500R001C30SPC100

#
proxy-policy
 rule name ssl
  source-zone trust
  destination-zone untrust
  source-address address-set Zaheer
  action ssl-decrypt
#
 rule name All_Users_Social_Block
  policy logging
  session logging
  source-zone trust
  destination-zone untrust
  application app Facebook_Videos
  application app Facebook_FileTransfer
  application app Facebook_Applications
  application app Facebook_Games
  application app Facebook_Messages
  application app Facebook_VideoChat
  application app Facebook_Posting
  application app hi5
  application app Facebook_Touch
  application app-group Video_Blocks
  application category Entertainment sub-category Game
  application category Entertainment sub-category Media_Sharing
  application category Entertainment sub-category Wireless
  application category Network sub-category Encrypted_Tunnel
  application category Network sub-category Proxy
  application category Entertainment sub-category MicroBlog
  application category Entertainment sub-category PeerCasting
  application category Entertainment sub-category Web_Video
  application category Network sub-category Attack
  application label Bandwidth-Consuming
  application label Supports-Video
  action deny
#
Alarm Information

The USG cannot detect and block Facebook videos, but it is able to block other Facebook features.

Handling Process

1- During a remote session we tried to access Facebook videos through different browsers, but the videos were still accessible.

2- Checking the USG session table for the specified source address while opening Facebook videos:

We cannot connect to Pakistan Facebook, so we connected to America Facebook to test. When we enabled SSL decryption, configured Facebook_games, Facebook_Photos and Facebook_videos, and then tried to open videos, they could not be accessed, which means the videos were blocked successfully.

From your session table, you already configured Facebook_Photos and blocked it. This may be related to the specifics of Pakistan Facebook.

Facebook_Photos  VPN: public --> public  ID: a58f39e67894846d9759e5ef90

Zone: trust --> untrust  TTL: 00:02:00  Left: 00:00:13

Recv Interface: GigabitEthernet1/0/1

Interface: GigabitEthernet1/0/6  NextHop: 202.83.166.97  MAC: 4846-fbef-a263

<--packets: 6 bytes: 4,183 --> packets: 7 bytes: 1,133

10.0.1.59:49705[202.83.166.104:3183] --> 157.240.7.26:443(Block) PolicyName: Blocked Applications

TCP State: established
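
When the session table returns many entries, the check in step 2 can be scripted. This is an added example, not part of the original case or of Huawei tooling: it parses entries in the layout shown above and lists the flows from one source address that carry no (Block) mark, largest reply volume first, which are the ones to look up in the packet capture. The second sample entry (address, ID, counters, policy name) is constructed, and reading the `<--` counters as the reply direction is an assumption.

```python
import re

# Entry 1 is the one on this page (abridged). Entry 2 is constructed
# (documentation address, made-up ID, counters and policy name) to stand
# for a video flow the firewall saw only as generic HTTPS.
SAMPLE = """\
Facebook_Photos  VPN: public --> public  ID: a58f39e67894846d9759e5ef90
Zone: trust --> untrust  TTL: 00:02:00  Left: 00:00:13
<--packets: 6 bytes: 4,183 --> packets: 7 bytes: 1,133
10.0.1.59:49705[202.83.166.104:3183] --> 157.240.7.26:443(Block) PolicyName: Blocked Applications
https  VPN: public --> public  ID: 00000000000000000000000001
Zone: trust --> untrust  TTL: 00:20:00  Left: 00:19:58
<--packets: 4,210 bytes: 5,912,004 --> packets: 2,105 bytes: 118,320
10.0.1.59:49731[202.83.166.104:3190] --> 203.0.113.50:443 PolicyName: default
"""

HEAD = re.compile(r"^\s*(\S+)\s+VPN:.*\bID:\s*(\S+)")
# Assumption: the "<--" counters are the reply (server to client) direction.
BYTES = re.compile(r"<--packets:\s*[\d,]+\s+bytes:\s*([\d,]+)\s*-->"
                   r"\s*packets:\s*[\d,]+\s+bytes:\s*([\d,]+)")
FLOW = re.compile(r"^\s*([\d.]+):(\d+)(?:\[[^\]]*\])?\s*-->\s*([\d.]+):(\d+)"
                  r"\s*(\(Block\))?\s*PolicyName:\s*(.+?)\s*$")

def parse_sessions(text):
    """Return one dict per entry: identified app, endpoints, verdict, bytes."""
    sessions, cur = [], None
    for line in text.splitlines():
        if m := HEAD.match(line):          # first line of an entry
            cur = {"app": m.group(1), "id": m.group(2)}
            sessions.append(cur)
        elif cur is None:
            continue                       # text before the first entry
        elif m := BYTES.search(line):
            cur["bytes_in"] = int(m.group(1).replace(",", ""))
            cur["bytes_out"] = int(m.group(2).replace(",", ""))
        elif m := FLOW.match(line):
            cur.update(src=m.group(1), dst=m.group(3), dport=int(m.group(4)),
                       blocked=m.group(5) is not None, policy=m.group(6))
    return sessions

def unblocked_flows(sessions, src):
    """Flows from src without the (Block) mark, largest reply volume first."""
    hits = [s for s in sessions if s.get("src") == src and not s.get("blocked")]
    return sorted(hits, key=lambda s: s.get("bytes_in", 0), reverse=True)

if __name__ == "__main__":
    for s in unblocked_flows(parse_sessions(SAMPLE), "10.0.1.59"):
        print(s["app"], f'{s["dst"]}:{s["dport"]}', s.get("bytes_in", 0), s["policy"])
```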


3- We captured packets while opening a Facebook video:

From the Wireshark files, Facebook is integrated with a third-party video application. As those applications are developed in and related to different countries, the firewall cannot detect all of them. The firewall can detect the common and general applications.


Root Cause

Facebook in Pakistan is integrated with a third-party video application. As those applications are developed in and related to different countries, the firewall cannot detect all of them. The firewall can detect the common and general applications.

Solution

To block this video, add one more rule for the current user-defined application of Facebook, and click Commit. (Please note that this operation only blocks the video that you tested the previous day, not all the third-party videos that integrate with Facebook.)

Suggestions

Some third-party applications cannot be detected and blocked by the USG, so you can only create a user-defined application for the code you got from packet capturing. This is normal for any firewall. You can use this solution as a workaround.
