How to block internet access and allow Face time application only.

Hi Shoukat Ali,

You can block it via an Application Filter policy, you can check out the How-To videos for Web/App control here for configurations. You can also block it at the IP address level, if the application filter doesn't help.

According to what I found, there are three ranges of IPs that iMessage/Facetime uses and needs to be allowed/blocked:
17.173.0.1 to 17.173.255.255
17.178.0.1 to 17.178.255.255
17.133.0.1 to 17.133.255.255

These are large IP ranges and likely contain services that you still want to use (ie. App Store). Here, explicitly ALLOW the following range to enable the App Store:
17.173.65.1 to 17.173.65.255

For this, you need to create a User/Network Rule, place it on the TOP and create new definitions/objects for IP ranges and add them in the Destination Networks option inside this new rule. Allow the action and it will do the job.

You need another firewall rule with action defined as DROP and place it below the above mentioned rule with Source: ANY > Services ANY > Destination: ANY.

Thanks,

Dear sachingurung,

Please help in solving the above issue.

Dear sachingurung,

Please help in solving the above issue.

Hi Shoukat Ali,

You can refer to the pg 307 of the Administrative guide here, to create/add a user/network firewall rule.

Thanks

Hi sachingurung,

Thanks for your reply.

I have already created firewall rule as following,

First i have created application policy and deny all the application in the application policy rule. Then allow FaceTime application, infrastructure applications,http and iCloud application in the policy.

Then apply the newly created application policy in the Firewall rule under Application control and select deny all web traffic under web control.

The result is that the Facetime application is working and rest of the web traffic is blocked.

But there is still a problem... FaceTime Video quality is poor and the FaceTime is going to stuck during video call.

Please support in this regard if you can.

BR,

Shoukat Ali

The quality could be poor due to bandwidth or IPS. Multiple factors can be associated with it. The simplest approach first, provide a particular guaranteed bandwidth value that FaceTime application can use, refer to, https://community.sophos.com/kb/en-us/123062. 

Thanks,

Hi,

have you disabled video and audio scanning?

Please remember this is a user to user forum and for the amount of assistance you are requiring you should be talking to your partner/reseller.

Ian

Hi lan,

can you please guide me, how to disable audio video scanning?

BR,

Shoukat Ali

Hi,

With reference to your link, I have try to apply traffic shaping policy on FaceTime firewall rule. There is no success, the issue is still same.

BR,

Shoukat Ali

Hi,

web -> general settings -> Malware and content scanning -> advanced settings.

There is a possibility it is off by default, but worth checking.

Also what is the bandwidth of your internet link?

Ian

Hi,

Thanks for the update. I have checked settings but there is no video audio scanning enabled. All the things are disabled by default.

BR,

Shoukat Ali

Hi All,

Thanks for your support and suggestions given to me to fix the issue.

My issue has resolved. There is an issue with end user device not with the firewall. 

Now i have installed Sophos XG230 virtual appliance on premises and checked to apply the same application policy and firewall rule mentioned earlier by me in the above posts. The result is that Face Time application is working fine as well as the video call quality is also fine and reset of the web traffic is blocked as required.

Thanks again to everybody whom he support me in this regard.

BR,

Shoukat Ali