Publication Date: 2019-07-19 | Author: m80047048 | Document ID: EKB1001264894
The USG cannot detect and block Facebook videos, but it can block other Facebook features.
1- During a remote session we tried accessing Facebook videos through different browsers, but the videos were still accessible.
2- Checking the USG session table for the specified source address while opening Facebook videos:
We can’t connect to Pakistan Facebook, so we connected to America Facebook to test. When we enabled SSL decryption and configured Facebook_games & Facebook_Photos & Facebook_videos, then tested opening videos, they could not be accessed, meaning the videos were blocked successfully.
From your session table, you already configured Facebook_Photos and blocked it. This may be related to a speciality of Pakistan Facebook.
Facebook_Photos VPN: public --> public ID: a58f39e67894846d9759e5ef90
Zone: trust --> untrust TTL: 00:02:00 Left: 00:00:13
Recv Interface: GigabitEthernet1/0/1
Interface: GigabitEthernet1/0/6 NextHop: XX.83.166.97 MAC: XXXX-fbef-a263
<--packets: 6 bytes: 4,183 --> packets: 7 bytes: 1,133
10.0.1.59:49705[XX.83.166.104:3183] --> XX.XX.7.26:443(Block) PolicyName: Blocked Applications
TCP State: established
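The session-table check from step 2 can be scripted. This is an added example, not Huawei code: it parses records laid out like the one above and lists the sessions from one source address that were not blocked, largest download first, so the packet capture can be focused on those destinations. It assumes unmasked addresses, that an unblocked session simply lacks the `(Block)` marker, and that the `<--` counter is server-to-client traffic.

```python
import re

# Constructed sample in the layout of the record above. Addresses are from
# documentation ranges; the second (unblocked) record is an assumption.
SAMPLE = """\
Facebook_Photos VPN: public --> public ID: a58f39e67894846d9759e5ef90
Zone: trust --> untrust TTL: 00:02:00 Left: 00:00:13
<--packets: 6 bytes: 4,183 --> packets: 7 bytes: 1,133
10.0.1.59:49705[203.0.113.104:3183] --> 198.51.100.26:443(Block) PolicyName: Blocked Applications
TCP State: established
https VPN: public --> public ID: c0ffee00000000000000000001
Zone: trust --> untrust TTL: 00:10:00 Left: 00:09:41
<--packets: 912 bytes: 1,204,551 --> packets: 388 bytes: 20,913
10.0.1.59:49711[203.0.113.104:3190] --> 192.0.2.80:443 PolicyName: Allow Internet
TCP State: established
"""

HEAD = re.compile(r"^(\S+)\s+VPN:.*\bID:\s*(\w+)")
PKTS = re.compile(r"^<--packets:\s*[\d,]+\s+bytes:\s*([\d,]+)")
FLOW = re.compile(r"^([\d.]+):\d+(?:\[[^\]]*\])?\s*-->\s*([\d.]+:\d+)"
                  r"(\(Block\))?\s*PolicyName:\s*(.+)$")

def parse_sessions(text):
    """Split verbose session output into one dict per session record."""
    sessions, cur = [], None
    for line in map(str.strip, text.splitlines()):
        if m := HEAD.match(line):            # first line of a record
            cur = {"app": m[1], "id": m[2], "bytes_in": 0}
            sessions.append(cur)
        elif cur is None:
            continue
        elif m := PKTS.match(line):          # '<--' byte counter
            cur["bytes_in"] = int(m[1].replace(",", ""))
        elif m := FLOW.match(line):          # addresses, action, policy
            cur.update(src=m[1], dst=m[2], blocked=bool(m[3]), policy=m[4].strip())
    return sessions

def unblocked_flows(sessions, src):
    """Sessions from src that were not blocked, largest download first."""
    hits = [s for s in sessions if s.get("src") == src and not s.get("blocked")]
    return sorted(hits, key=lambda s: s["bytes_in"], reverse=True)

if __name__ == "__main__":
    for s in unblocked_flows(parse_sessions(SAMPLE), "10.0.1.59"):
        print(s["app"], s["dst"], s["policy"], s["bytes_in"])
```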
From the Wireshark files, Facebook in Pakistan is integrated with third-party video applications. Because those applications are developed in and tied to different countries, the firewall cannot detect all of them. The firewall can detect the common, general applications.
To block this video, add one more rule to the current user-defined application for Facebook, and click “Commit”. (Please note, this operation blocks only the video that you tested the previous day, not all the third-party videos integrated with Facebook.)
Some third-party applications cannot be detected and blocked by the USG, so you can only create a user-defined application for the code you got from packet analysis.
This is normal for any firewall. You can use this solution as a workaround.