Hi, 

Assuming that you don't have the URL Filtering feature, you could use HTTP
resources. I have made this configuration for several customers without
problems.

Go to SmartDashboard > Manage > Resources > New > URI

Set a name and make sure you choose "Wildcards" as the URI match Spec type, then
go to the "Match" tab and, in the "Host" field, use the following syntax:
 
{*facebook*,*twitter*,*some_other_domain*,*and_so_on*}

Then, use this Resource on the Service field of a rule.

I have seen these limitations on this configuration:

- The rule with the resource must be before any other rule that allows HTTP
traffic (pretty obvious, ahh)
- The firewall must be able to resolve names. If not, all web browsing will
be rejected by the firewall
- This will work just for HTTP traffic, so if a user browses to
https://www.facebook.com it will not work

I hope this helps, and if anybody has a workaround for these limitations I
have found (besides using a proxy) it will be very appreciated.

GRios

_______________________________ 
 


Gustavo Ríos P.
Network Security Engineer 
email: [email protected]
www.cybertechprojects.com
Telf.: +58 212 266 1980/ 2503
Cel:  +58 412 801 4879
Fax: +58 212 266 9995
 
 


-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]] On Behalf Of Francisco
Ruiz Ibañez
Sent: Tuesday, February 23, 2010 08:05 a.m.
To: [email protected]
Subject: [FW-1] Blocking Facebook, Twiter and Messenger with fw1

Hello

We want to restrict access to Facebook, Twitter and Messenger for
some people. Can we do it using fw1?

I've seen MSN ports defined in the services tab but nothing about Facebook,
Twitter and similar applications.

Regards.


Scanned by Check Point Total Security Gateway.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
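
Added example, not part of the original thread and not Check Point code: a simplified Python model of the Host wildcard list and the first-match rule order described in the reply, run against constructed requests to show which ones the resource rule catches. The rule names, service labels and case-insensitive matching are assumptions of the model.

```python
from fnmatch import fnmatchcase

HOST_SPEC = "{*facebook*,*twitter*}"  # same syntax as the Host field in the post


def parse_spec(spec):
    """Split a {a,b,c} wildcard list into lower-cased patterns."""
    return [p.strip().lower() for p in spec.strip().strip("{}").split(",") if p.strip()]


def resource_matches(host, spec=HOST_SPEC):
    """Model of a wildcard URI resource: case-insensitive match on the host name."""
    host = host.lower().split(":")[0]  # drop an optional :port
    return any(fnmatchcase(host, pat) for pat in parse_spec(spec))


def evaluate(rulebase, scheme, host):
    """First-match evaluation. The resource only sees plain HTTP requests."""
    for name, service, action in rulebase:
        if service == "http->resource":
            if scheme == "http" and resource_matches(host):
                return name, action
        elif service == scheme:
            return name, action
    return "cleanup", "drop"


# Constructed rule bases (hypothetical names): (rule name, service, action)
GOOD_ORDER = [("block-social", "http->resource", "reject"),
              ("web-http", "http", "accept"),
              ("web-https", "https", "accept")]
BAD_ORDER = [("web-http", "http", "accept"),
             ("block-social", "http->resource", "reject"),
             ("web-https", "https", "accept")]

# Constructed sample requests
SAMPLES = [("http", "www.facebook.com"), ("http", "Twitter.com:80"),
           ("http", "facebook-mirror.example.org"), ("http", "www.example.com"),
           ("https", "www.facebook.com")]

if __name__ == "__main__":
    for scheme, host in SAMPLES:
        print(f"{scheme}://{host:30} good={evaluate(GOOD_ORDER, scheme, host)} "
              f"bad={evaluate(BAD_ORDER, scheme, host)}")
```

The third sample shows that a substring wildcard also rejects unrelated hosts that merely contain the word, which is worth checking before deploying a long pattern list.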

