How would I block social networking but allow a single Facebook page?

L2 Linker

I have a URL filtering policy set to block the social networking category which of course includes Facebook.  I need to allow the users that are assigned to this filtering policy access to a single Facebook page along with the pages that correspond to this single page.  I tried the link below with no success and of course I tried to add the specific URL to the allow list in the filtering policy which also did not work.  The weird thing is I never see an actual response page when I have the page blocked.  I get the following error:

Secure Connection Failed

An error occurred during a connection to www.facebook.com.

SSL received a record that exceeded the maximum permissible length

(Error code: ssl_error_rx_record_too_long)

For the security policy itself I have dns, http (filter) and ssl allowed (I've also had web-browsing, with the http(filter) removed, and facebook listed as well) under application and services set to application-default.  Do I have something configured incorrectly?  I feel this should be something simple that I am missing.

How to Allow a Single Facebook, YouTube or Twitter Page

L5 Sessionator

Re: How would I block social networking but allow a single Facebook page?

Hello clint.leatherman,

Could you provide me the link of the particular Facebook page you are trying to allow?

Thanks and regards,

Kunal Adak

L2 Linker

Re: How would I block social networking but allow a single Facebook page?

Hello Kunal,

The two pages are:

www.facebook.com/SmartStartLA/

www.facebook.com/pages/Smart-Start-Inc/143047259157628/

L7 Applicator

Re: How would I block social networking but allow a single Facebook page?

Hello Sir,

I have checked on a test PAN firewall; please find the steps below. (Since Facebook works over HTTPS [SSL], it would be better to have a decryption policy for it; otherwise traffic will be categorized based on the certificate name.)

Step:-1

facebook-config.JPG

Step-2:

facebook-blocked.JPG

facebook-allowed.JPG

I hope Google Chrome has enhanced its security features; with IE it's working fine. (You may clear the URL cache once to confirm the same.) I am still trying to make it work with Chrome, so please allow me some more time.

Hope this helps.

Thanks
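The point made in the reply above (without decryption, HTTPS traffic is categorized by certificate name, so a path-specific allow entry has nothing to match against), as an added example that is not part of the original thread. It is a simplified model, not PAN-OS's matching engine: the function names, the prefix-match rule and the category table are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed policy data modelled on the thread (not exported from a firewall).
ALLOW_LIST = ["www.facebook.com/SmartStartLA/",
              "www.facebook.com/pages/Smart-Start-Inc/143047259157628/"]
CATEGORY_BY_HOST = {"www.facebook.com": "social-networking"}
BLOCKED_CATEGORIES = {"social-networking"}


def visible_url(full_url, decrypted):
    """Return the part of the request a URL filter can inspect."""
    parts = urlsplit(full_url)
    if parts.scheme == "https" and not decrypted:
        # Without decryption only the certificate/SNI hostname is visible;
        # the path travels inside the encrypted stream.
        return parts.hostname + "/"
    return parts.hostname + (parts.path or "/")


def decide(full_url, decrypted):
    """Simplified filter: allow-list prefix match first, then category."""
    seen = visible_url(full_url, decrypted)
    if any(seen.startswith(entry) for entry in ALLOW_LIST):
        return "allow"
    host = seen.split("/", 1)[0]
    if CATEGORY_BY_HOST.get(host) in BLOCKED_CATEGORIES:
        return "block"
    return "allow"


def demo():
    """Evaluate three constructed requests with and without decryption."""
    urls = ["https://www.facebook.com/SmartStartLA/",
            "https://www.facebook.com/SmartStartLA/photos",
            "https://www.facebook.com/someone-else"]
    return {(u, d): decide(u, d) for u in urls for d in (False, True)}


if __name__ == "__main__":
    for (url, decrypted), verdict in demo().items():
        print(f"decrypted={decrypted!s:5} {url:50} -> {verdict}")
```
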

L7 Applicator

Re: How would I block social networking but allow a single Facebook page?

Hello clint.leatherman,


After clearing the cache, it started working in Google Chrome as well (with SSL decryption in place):


chrome-facebook.JPG

Thanks


L2 Linker

Re: How would I block social networking but allow a single Facebook page?

Hey Hulk,

I believe my lack of an SSL decryption policy is the root cause (which probably also explains the SSL error I am getting). This is my first Palo Alto (and my first NGFW) so I'll have to read up on how to implement that. I appreciate the help on this and your thorough testing.

L7 Applicator

Re: How would I block social networking but allow a single Facebook page?

You are always WELCOME.

Thanks
