I have a URL filtering policy set to block the social networking category which of course includes Facebook. I need to allow the users that are assigned to this filtering policy access to a single Facebook page along with the pages that correspond to this single page. I tried the link below with no success and of course I tried to add the specific URL to the allow list in the filtering policy which also did not work. The weird thing is I never see an actual response page when I have the page blocked. I get the following error:
Secure Connection Failed
An error occurred during a connection to www.facebook.com.
SSL received a record that exceeded the maximum permissible length
(Error code: ssl_error_rx_record_too_long)
For the security policy itself I have dns, http (filter) and ssl allowed (I've also had web-browsing, with the http(filter) removed, and facebook listed as well) under application and services set to application-default. Do I have something configured incorrectly? I feel this should be something simple that I am missing.
Could you provide me the link to the particular Facebook page you are trying to allow?
Thanks and regards,
The two pages are:
I have checked on a test PAN firewall; please find the steps below. (Since Facebook works over HTTPS [SSL], it would be better to have a decryption policy for it; otherwise traffic will be categorized based on the certificate name.)
I hope Google has enhanced the security features in Chrome; with IE it's working fine. (You may clear the URL cache once to confirm the same.) I am still trying to make it work with Chrome, so please allow me some more time.
Hope this helps.
After clearing the cache, it started working in Google Chrome as well (with SSL decryption in place):
I believe my lack of an SSL decryption policy is the root cause (which probably also explains the SSL error I am getting). This is my first Palo Alto (and my first NGFW) so I'll have to read up on how to implement that. I appreciate the help on this and your thorough testing.
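The point made in the answer above (without a decryption policy, HTTPS traffic is categorized by certificate name only), shown as an added example that is not part of the original thread and is not PAN-OS code. It is a simplified Python model of a URL filter; the category map, allow-list entries, page names and matching rules are constructed assumptions for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data (hypothetical category map and blocked category).
CATEGORY = {"www.facebook.com": "social-networking", "example.org": "news"}
BLOCKED = {"social-networking"}

def visible(url, decrypted):
    """Return what the filter can match on: (host, path), or (host, None)
    when the session is HTTPS and not decrypted (only the name is seen)."""
    u = urlsplit(url)
    host = u.hostname.lower()
    if u.scheme == "https" and not decrypted:
        return host, None
    return host, u.path or "/"

def entry_matches(entry, host, path):
    """Match an allow-list entry of the form 'host' or 'host/path-prefix'."""
    e_host, _, e_path = entry.partition("/")
    if e_host.lower() != host:
        return False
    if not e_path:
        return True            # host-only entry covers the whole site
    if path is None:
        return False           # path entry cannot be evaluated without the path
    prefix = "/" + e_path.rstrip("/")
    return path == prefix or path.startswith(prefix + "/")

def decide(url, allow_list, decrypted):
    """Allow-list first, then the category block, as in the thread's policy."""
    host, path = visible(url, decrypted)
    if any(entry_matches(e, host, path) for e in allow_list):
        return "allow"
    return "block" if CATEGORY.get(host) in BLOCKED else "allow"

if __name__ == "__main__":
    page = "https://www.facebook.com/ExamplePage/photos"   # constructed URL
    other = "https://www.facebook.com/SomeoneElse"         # constructed URL
    per_page = ["www.facebook.com/ExamplePage"]
    print("no decryption, page entry :", decide(page, per_page, False))
    print("decryption, page entry    :", decide(page, per_page, True))
    print("decryption, other page    :", decide(other, per_page, True))
    print("no decryption, host entry :", decide(other, ["www.facebook.com"], False))
```

The last case shows the trade-off: a host-only allow entry works without decryption, but it opens every page on that host rather than the single page.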