Palo Alto

Blocking Facebook or Facebook Chat Using Palo Alto APP-ID

Work Time is Work Time
Unless you work in Marketing, you don't need any social websites at work.
I, Aysar Mohamed, am an IT guy, and I want myself to do IT work and stop playing around on Facebook (I am sure my manager agrees on this point), so let's do it.

First go to Monitor – Logs – Traffic. As you can see, it is full of Facebook logs from Aysar, and they all come down to one application (facebook-base).

Now go to Policies – Security and add a new rule (Stop facebook).
Select the Source Zone (Inside) and the Source Address (my laptop's IP address).
Select my user (Aysar.Mohamed).
For the Destination, select my outside interface.
Then choose the application (facebook-base) that appears in my logs.
Now set the Action to Deny.
Make sure to move this rule to the top.
As you can see, I can't open Facebook at all now, and it gives me an error.
If you go back to the logs, you will see the action (reset-both).

Now what if I want Aysar to view his Facebook but don't want him to chat with anyone?
Easy: go back to my (Stop facebook) policy, change the APP-ID to (facebook-chat), and save.
Some applications can't be stopped just by choosing the APP-ID; you also need to look at what the application depends on.
So highlight the rule, go to the Application tab, choose facebook-chat, then right-click and choose (Value) to see what it depends on.
facebook-chat depends on:
facebook-base
mqtt
If I select facebook-base, the rule will block the Facebook page as well.
So here is the trick:
Add only mqtt.
Then in my second rule (Aysar Allow) I allow facebook-base.
Under Application I add only facebook-base.
Now I can open Facebook, but as you can see my chat is dark (Unable to connect),
and as you can see in the logs, facebook-chat is blocked.
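
The same two-rule setup written as PAN-OS CLI configuration-mode commands, as an added example that is not part of the original post. The source address 192.0.2.10, the test destination 198.51.100.20, the destination zone name Outside, `destination any`, `service application-default`, and the match criteria of the (Aysar Allow) rule are assumptions; the rule names, the Inside zone, the user and the applications come from the steps above.

```text
# Lines starting with # are annotations for the reader; leave them out when pasting.
# Assumes a single-vsys firewall (otherwise the path starts with "set vsys <name> rulebase ...").
configure

# Rule 1 (Stop facebook): deny facebook-chat plus its mqtt dependency only.
# facebook-base is deliberately left out so the Facebook page itself still loads.
set rulebase security rules "Stop facebook" from Inside to Outside
set rulebase security rules "Stop facebook" source 192.0.2.10 source-user Aysar.Mohamed destination any
set rulebase security rules "Stop facebook" application [ facebook-chat mqtt ]
set rulebase security rules "Stop facebook" service application-default action deny

# Rule 2 (Aysar Allow): allow only facebook-base for the same user.
set rulebase security rules "Aysar Allow" from Inside to Outside
set rulebase security rules "Aysar Allow" source 192.0.2.10 source-user Aysar.Mohamed destination any
set rulebase security rules "Aysar Allow" application facebook-base
set rulebase security rules "Aysar Allow" service application-default action allow

# Rules are evaluated top-down, first match wins, so the deny rule goes first.
move rulebase security rules "Stop facebook" top
commit
exit

# Operational-mode check: ask the firewall which rule each application would hit.
# Expected: facebook-chat matches "Stop facebook", facebook-base matches "Aysar Allow".
test security-policy-match from Inside to Outside source 192.0.2.10 destination 198.51.100.20 protocol 6 destination-port 443 application facebook-chat
test security-policy-match from Inside to Outside source 192.0.2.10 destination 198.51.100.20 protocol 6 destination-port 443 application facebook-base
```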
