How to block like/comment/post/share features of Facebook using App Rules

Description

This article shows how to block the like/comment/post/share features of Facebook using App Rules. Because each feature has its own signature, you can block only certain features while allowing the others.

The following configuration changes are mandatory for App Rules to effectively block the required Facebook signatures:

  1. Log in to the SonicWall Management UI.

  2. Block UDP traffic on ports 80 and 443 using access rules from the internal zone (LAN) to the WAN zone.

    - Create Service objects for UDP port 80 and 443
    - Create Service group and add UDP 80 and 443 objects to the group
    - Add a new Access Rule to block traffic to WAN on UDP port 80 and 443


  3. Enable Client DPI-SSL and also enable the options for all the features on which you wish to apply DPI-SSL.

    NOTE: If this is the first time DPI-SSL is being enabled on the firewall, consult the following KB: "Where can I learn more about DPI-SSL?"


  4. Make sure Gateway Anti-Virus (GAV) and Intrusion Prevention Service (IPS) are enabled.


  5. On the diag page, select the "Enable Optimal Value below" checkbox and change "Optimal value" from 10240 to 50000.
  6. On the diag page, clear the "Limit IPS CFT scan" checkbox.

    NOTE: Please consult support to make the above changes (steps 5 and 6) on the diag page.



  7. Create a match object with the following signatures:

    Like:
    3263 Facebook – App Feature (Like) [Reqs DPI-SSL CI]
    3538 Facebook -- App Feature (Reel - Like) 1 [Reqs DPI-SSL CI]
    3490 Facebook -- App Feature (Story) 1 [Reqs DPI-SSL CI]

    Comment:
    3264 Facebook – App Feature (Comment) [Reqs DPI-SSL CI]

    Post:
    15570 Facebook – App Feature (Post) [Reqs DPI-SSL CI]

    Share:
    3325 App Feature (Post reshare) [Reqs DPI-SSL CI]
    3349 App Feature (Reshare through story) [Reqs DPI-SSL CI]
    3350 App Feature (Reshare through Messenger) [Reqs DPI-SSL CI]
    3899 App Feature (Reshare) [Reqs DPI-SSL CI]


    NOTE: Add all of the above signatures to block like/comment/post/share. Otherwise, add only the signatures for the features that need to be blocked.




  8. Enable App Rules in the global settings, then add a new App Rule with the above match object to block the added signatures.


 

Testing Results

Like: When a user clicks Like, the UI initially shows that the like has gone through, but this is only in the UI. If the page is refreshed, the user can verify that the like was not allowed.

Comment/Post: The user should see an error message when trying to comment or post.

Share: When the Share button is clicked, the sharing options do not show up, or in some cases an error message appears when trying to share.

Event Logs should show logs similar to the image below:

Image
