Blocking certain Facebook features while allow others with PAN version 8.1.17

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Blocking certain Facebook features while allow others with PAN version 8.1.17

L4 Transporter

I am trying to block certain Facebook features while allowing others.  For example:


Facebook – block - chat, file-share, post, video, voice


However, after implementing it on the PAN, I can still do this with Facebook:  I could post, like and upload pictures. Chat doesn’t work at all, though I can see the page.


Is this normal?  Is the application "aware" in PAN working as advertised or no?


Cyber Elite
Cyber Elite

Are you using ssl decryption on all your outbound sessions ?

These applications will only work properly if you decrypt everything



Tom Piens
PANgurus - (co)managed services and consultancy

I decrypt everything listed in "social-networking" URL category so I assume FaceBook is one of them. Can't decrypt "everything" because that will choke the PAN firewalls


Are your firewalls that maxed already? Generally speaking you don't see a massive performance hit simply decrypting untrust traffic on current platforms. Unless you're already pushing the limits of your platform, enabling decryption on your untrust traffic shouldn't push your resources on your firewall that hard. 

L4 Transporter



1- I really don't want to decrypt "everything" because it might cause performance issues on the firewall, even on the 5250 platform.  This firewall is does everything for both inbound and outbound traffics, including globalprotect.


2- Why do I need to decrypt "everthing" outbound, just for Facebook.  I thought I only need it for "social-networking" URL category.  If I decrypt "everything", it might choke the firewall.


On a side note, have you ever done what I described in my original thread before?  Does it actually "work"?

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!