I am trying to block certain Facebook features while allowing others. For example:
Facebook – block - chat, file-share, post, video, voice
However, after implementing it on the PAN, I can still do this with Facebook: I could post, like and upload pictures. Chat doesn’t work at all, though I can see the page.
Is this normal? Is the application "aware" in PAN working as advertised or no?
Are your firewalls that maxed already? Generally speaking you don't see a massive performance hit simply decrypting untrust traffic on current platforms. Unless you're already pushing the limits of your platform, enabling decryption on your untrust traffic shouldn't push your resources on your firewall that hard.
1- I really don't want to decrypt "everything" because it might cause performance issues on the firewall, even on the 5250 platform. This firewall is does everything for both inbound and outbound traffics, including globalprotect.
2- Why do I need to decrypt "everthing" outbound, just for Facebook. I thought I only need it for "social-networking" URL category. If I decrypt "everything", it might choke the firewall.
On a side note, have you ever done what I described in my original thread before? Does it actually "work"?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!