APPLICATION CONTROL : FACEBOOK POLICY IS NOT WORKING

Question

Hi SOPHOS COMMUNITY, ENGINEER and ARCHITECT 
 Good Day 
 Have you encountered that the FACEBOOK SUB application bypass your POLICY. 
 Here is the Scenario. 
 Under Application control, I ONLY allow facebook POST and DENY ALL OTHER FEATURES like (facebook comment, like, video, message etc) 
 then my policy is NOT WORKING 100%, you can comment, like, message etc 
 How to SOLVE this kind of ISSUE?? 
 Attached Screenshot for your reference 
 SG135w (SFOS 16.05.0 RC-1) 
 
 Thank you

lferrara · Accepted Answer

kunkka , 
 in order to allow/block micro-apps, you need to: 
 
 enable decrypt and scan on the firewall rule where the Application is applied 
 make sure micro-app scanning is enabled: system application_classification microapp-discovery show 
 
 Regards

lferrara · Answer

kunkka , 
 use the log viewer in order to understand which firewall rule is matched (for allowed traffic). 
 If you are unsure, move this rule to the top or share with us your Firewall rules. 
 Regards

lferrara · Answer

That's why micro-app scanning is not working. 
 Enable it and try again!

lferrara · Answer

kunkka , 
 you need to activate micro-app discovery, so the ON switch must be used. Go on Sophos Website and download the CLI documentation for more commands. 
 Regards

sachingurung · Answer

Configure a Web Category and add the keyword "fbcdn" add it in the Web filter policy; block HTTPS in the category definition and don't forget to turn ON its status. That should block the FB Videos. 
 
 Cheers-

sachingurung · Answer

Hi Luk, 
 This should be already known by the support team and a fix will be introduced. I came across this glitch only when I reproduced it. 
 Cheers

lferrara · Answer

kunkka , 
 use the application and web filtering logs in order to understand what is still missing for videos on Facebook and block them accordingly. 
 Regards