03-19-2025 02:27 PM
We are currently experiencing an issue with URL filtering and application-based policies. We’ve set up a policy to block the Facebook application, but it’s still being allowed through. In the logs, it shows as the application "Application reddit-base" instead of Facebook.
When we remove the block rule, Facebook-related apps function normally, but when the rule is applied, it allows the traffic as the "reddit-base" application and hits a different rule.
Has anyone encountered a similar issue? We’ve tried both the latest and previous app-IDs and even rolled back, but the issue persists.
Any suggestions or insights would be greatly appreciated!
04-23-2025 10:12 AM
Good Day
Thanks for your message.
As more web-based applications are developed and refined, the useage of SSL forward proxy decryption rules may be needed.
For example, the FW can easily recognize facebook-base, however of the 10 to 15 sub/child applications under facebook (facebook-post, facebook-chat, facebook-video, facebook-filesharing, etc), these applications may not be seen, as the traffic is still encapsulated packet. This would be why certain FB applications would still be allowed.
As for facebook-base showing up as reddit-base, certainly does not sound correct for a L7 application signature based firewall.
You may want to consider opening a TAC case, so they can review/revise the application signatures as needed.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
