- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
10-25-2018 07:22 PM
Need to block facebook chat and allow Facebook for some user group.
i was reading this
Allow application facebook before denying application facebook-chat
Does it mean block facebook chat first then allow application facebook?
10-29-2018 05:36 AM - edited 10-29-2018 05:39 AM
Yes. To remove confusion, let's see if I can get a picture that demonstrates.
I think this would do what you're wanting to do - let me know if this helps clarify:
That would deny anyone on "inside" from traffic identified as Facebook-Chat, but any other Facebook traffic would be allowed.
10-26-2018 01:19 PM
I think it will depend on how you're allowing facebook.
https://applipedia.paloaltonetworks.com/
If you look for "facebook", that collection encapsulates facebook-chat. So if you have a rule that allows "facebook", you will allow chat, and if you want to block it, the deny rule needs to be a higher order rule above that. If you allow "facebook-base", then you can deny facebook-chat in a rule below it. By default, interzone traffic will be denied unless you have an implicit-allow rule in your policy.
One other approach is to look at controlling Facebook by using an Application Filter - Facebook is specifically described as the example:
10-26-2018 02:57 PM
Thanks for replying to the post
Can you please confirm below
Allow application facebook before denying application facebook-chat
Does it mean block facebook chat first then allow application facebook?
10-29-2018 05:36 AM - edited 10-29-2018 05:39 AM
Yes. To remove confusion, let's see if I can get a picture that demonstrates.
I think this would do what you're wanting to do - let me know if this helps clarify:
That would deny anyone on "inside" from traffic identified as Facebook-Chat, but any other Facebook traffic would be allowed.
10-29-2018 06:56 AM
Thanks for confirming that.
Wording was little tricky.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!