How would I block social networking but allow a single Facebook page?


L2 Linker

I have a URL filtering policy set to block the social networking category which of course includes Facebook.  I need to allow the users that are assigned to this filtering policy access to a single Facebook page along with the pages that correspond to this single page.  I tried the link below with no success and of course I tried to add the specific URL to the allow list in the filtering policy which also did not work.  The weird thing is I never see an actual response page when I have the page blocked.  I get the following error:

Secure Connection Failed

An error occurred during a connection to www.facebook.com.

SSL received a record that exceeded the maximum permissible length

(Error code: ssl_error_rx_record_too_long)

For the security policy itself I have dns, http (filter) and ssl allowed (I've also had web-browsing, with the http(filter) removed, and facebook listed as well) under application and services set to application-default.  Do I have something configured incorrectly?  I feel this should be something simple that I am missing.

How to Allow a Single Facebook, YouTube or Twitter Page


Accepted Solutions

Hello Sir,

I have checked on a test PAN firewall; please find the steps below. (Since Facebook works over HTTPS [SSL], it would be better to have a decryption policy for it; otherwise traffic will be categorized based on the certificate name.)

Step-1:

facebook-config.JPG

Step-2:

facebook-blocked.JPG

facebook-allowed.JPG

I hope Google Chrome has enhanced its security features; with IE it's working fine. (You may clear the URL cache once to confirm the same.) I am still trying to make it work with Chrome, so please allow me some more time.

Hope this helps.

Thanks


6 REPLIES

L5 Sessionator

Hello clint.leatherman,

Could you provide me the link to the particular Facebook page you are trying to allow?

Thanks and regards,

Kunal Adak

Hello Kunal,

The two pages are:

www.facebook.com/SmartStartLA/

www.facebook.com/pages/Smart-Start-Inc/143047259157628/

L7 Applicator

Hello clint.leatherman,


After clearing the cache, it started working in Google Chrome as well (with SSL decryption in place):


chrome-facebook.JPG

Thanks


Hey Hulk,

I believe my lack of an SSL decryption policy is the root cause (which probably also explains the SSL error I am getting).  This is my first Palo Alto (and my first NGFW) so I'll have to read up on how to implement that.  I appreciate the help on this and your thorough testing.

You are always WELCOME. :)

Thanks
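Added example (not part of the original thread, and not PAN-OS's actual matching logic): a simplified Python model of the point made in the accepted answer, that without SSL decryption the filter sees only the certificate name, so a path-specific allow-list entry can never match. The category lookup, function names and matching rule are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed policy for illustration; a simplified model, not PAN-OS logic.
ALLOW_LIST = [
    "www.facebook.com/SmartStartLA/",
    "www.facebook.com/pages/Smart-Start-Inc/143047259157628/",
]
BLOCKED_CATEGORIES = {"social-networking"}
CATEGORY_BY_HOST = {"www.facebook.com": "social-networking"}  # constructed lookup


def visible_to_filter(url: str, decrypted: bool) -> str:
    """Return the part of the request a URL filter is able to inspect."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme == "https" and not decrypted:
        # Only the certificate/SNI name is visible; the path stays inside TLS.
        return host
    return host + (parts.path or "/")


def entry_matches(entry: str, seen: str) -> bool:
    """Match host exactly and path as a prefix on a segment boundary."""
    host, _, path = seen.partition("/")
    e_host, _, e_path = entry.partition("/")
    if host != e_host.lower():
        return False
    e_path = e_path.rstrip("/")
    if not e_path:  # host-only entry allows the whole site
        return True
    return path == e_path or path.startswith(e_path + "/")


def decide(url: str, decrypted: bool) -> str:
    """Allow-list entries win over the category block, as in the thread."""
    seen = visible_to_filter(url, decrypted)
    if any(entry_matches(entry, seen) for entry in ALLOW_LIST):
        return "allow"
    host = seen.partition("/")[0]
    if CATEGORY_BY_HOST.get(host) in BLOCKED_CATEGORIES:
        return "block"
    return "allow"


if __name__ == "__main__":
    page = "https://www.facebook.com/SmartStartLA/"
    print("no decryption  :", decide(page, decrypted=False))
    print("with decryption:", decide(page, decrypted=True))
```
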
