Palo Alto Networks Knowledgebase: Failed to Block Facebook Chat Consistently

Created On 02/08/19 00:08 AM - Last Updated 02/08/19 00:08 AM

Symptoms

A security rule has been configured to block the facebook-chat application, and the traffic log shows that the firewall appears to have blocked facebook-chat successfully; however, the user can continue to use Facebook chat over the web.

Diagnosis

When Facebook chat is used in a web page, the web client opens multiple sessions to the server. Because Facebook integrated chat and messages into one service, half of the sessions will have a chat structure and the other half will have a mail structure. To block Facebook chat successfully and consistently, you need to block both the facebook-chat and facebook-mail applications.



Resolution

Step 1. Enable decryption.

For more information about Decryption, please refer to "How to Implement and Test SSL Decryption".

 

Step 2. Configure your security rule to block "facebook-chat" and "facebook-mail" applications.

 

Step 3. Create another security rule that allows "facebook-base" application. Add this security rule below the rule created in Step 2 above.

 

With the above configuration, the user can still browse to Facebook but will not be able to use Facebook chat.
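One way to check an exported rulebase against Steps 2 and 3, as an added example (not Palo Alto Networks code): it parses the `<rules>` element of a security rulebase and reports when facebook-mail is left unblocked or the rule order is wrong. The sample XML, rule names and the `audit_rules` and `first` helpers are constructed for illustration, and the check assumes every rule covers the same zones and sources.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like a PAN-OS security rulebase export (rule names are made up).
FIXED = """<rules>
  <entry name="Block-FB-Chat">
    <application><member>facebook-chat</member><member>facebook-mail</member></application>
    <action>deny</action>
  </entry>
  <entry name="Allow-FB-Base">
    <application><member>facebook-base</member></application>
    <action>allow</action>
  </entry>
</rules>"""
# Weak variant matching the Symptoms section: only facebook-chat is blocked.
WEAK = FIXED.replace("<member>facebook-mail</member>", "")

MUST_BLOCK = ("facebook-chat", "facebook-mail")
BLOCK_ACTIONS = {"deny", "drop", "reset-client", "reset-server", "reset-both"}
INF = float("inf")

def first(table, app):
    """Index of the first rule matching the app by name or through 'any'."""
    return min(table.get(app, INF), table.get("any", INF))

def audit_rules(xml_text):
    """Return findings; an empty list means the rule order matches Steps 2 and 3.
    Assumes all rules cover the same zones/sources, so only order and App-ID matter."""
    blocked, allowed = {}, {}  # application -> index of first rule with that verdict
    for idx, entry in enumerate(ET.fromstring(xml_text).iter("entry")):
        apps = [m.text.strip() for m in entry.findall("application/member") if m.text]
        action = (entry.findtext("action") or "").strip()
        table = blocked if action in BLOCK_ACTIONS else allowed if action == "allow" else None
        if table is not None:
            for app in apps:
                table.setdefault(app, idx)
    findings = []
    for app in MUST_BLOCK:
        if first(blocked, app) == INF:
            findings.append(f"{app}: no rule blocks it")
        elif first(allowed, app) < first(blocked, app):  # first match wins
            findings.append(f"{app}: allowed by an earlier rule")
    base = first(allowed, "facebook-base")
    block_idx = [b for b in (first(blocked, a) for a in MUST_BLOCK) if b != INF]
    if base == INF:
        findings.append("facebook-base: no allow rule")
    elif any(base < b for b in block_idx):
        findings.append("facebook-base: allow rule sits above the block rule")
    return findings
```

Calling `audit_rules(WEAK)` reproduces the situation in the Symptoms section: the log shows facebook-chat denied while the facebook-mail sessions pass.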


