Not able to block facebook and other social Networks

Question

XG125 (SFOS 17.5.12 MR-12) I created URL Group and Included facebook.com It didnt work it is applied with a Policy but the same policy does block other domains on the same list, after that tried with creating a Category same result doesnt block facebook then tried and active HTTP and HTTPS Inspection same result. 
 I have a Rule to test the policy applied to just one Host the rule is getting hit correctly I see it on the Log Viewer #17 the rule I created, I had to disable HTTPS inspection it was blocking almost any website almos any category which are not included Banks and News where generating errors blocking certains parts of the websites.

rfcat_vk · Accepted Answer

Hi, 
 a couple of suggestions for your rule, 
 1/. you need to enable block QUIC 
 2/. You are using the Proxy even though you don't have the box ticked because you are scanning http and decrypted https. 
 3/. the DPI does not in its current version scan UDP traffic 
 4/. change the IPS to LAN to WAN, I found that improved my detection of applications etc I want to block 
 5/. if you plan to use the DPI then you need to review the default exceptions in the SSL/TLS policies. 
 6/. you will also need to decrypt HTTPS which means you will need to install the XG CA on the end user devices. 
 Ian

rfcat_vk · Answer

Hi, 
 first thing, please upgrade to v18.5.4. If you want to use https which you will need to block some sites you will need to install the XG CA at the very minimum on your user devices. 
 Ian

Ronnet Patino · Answer

Thanks a lot rfcat the Bloc Quic protocol helped a lot

Not able to block facebook and other social Networks

Top Replies