Meraki

Community

Block Facebook app but allow Facebook Messenger

raffygo
Comes here often
‎Jul 10 2020 10:18 AM
‎Jul 10 2020 10:18 AM

Block Facebook app but allow Facebook Messenger

Hi!

I've been trying to block the Facebook app on mobile phones and allow Facebook Messenger by using Layer 7 and Content filtering rules but unfortunately the Facebook app still goes through however, it is already blocked on the web browser. Facebook Messenger app is also blocked but I want it to be allowed through.

I've already tried to put some of the known URLs of Facebook on the black list and Facebook Messenger on the white list but nothing works.

 

Anybody who has been successful in doing this setup?

 

Thanks a lot!

0 Kudos
7 Replies 7
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jul 10 2020 8:44 PM
‎Jul 10 2020 8:44 PM

I doubt that it would work, as they are bound to use similar shared systems, such as a login system, api backend, etc.

 

If you still want to persist in the overwhelming odds of failure, do a packet capture on port 53, reboot the devices, and then access the two different systems.  Examine what DNS entries that are requested.

You might be able to come up with a set of DNS entries unique to one that you can block but still allow the other to work.

0 Kudos
In response to PhilipDAth
raffygo
Comes here often
‎Jul 10 2020 11:07 PM
‎Jul 10 2020 11:07 PM

Okay. How about blocking the whole Facebook service? I can't seem to block the Facebook app. Any suggestions?

0 Kudos
In response to raffygo
CptnCrnch
Kind of a big deal
Kind of a big deal
‎Jul 11 2020 8:22 AM
‎Jul 11 2020 8:22 AM

Security & SD-WAN -> Firewall -> Layer 7 Firewall rules:

Deny Social web & photo sharing -> Facebook

0 Kudos
In response to CptnCrnch
raffygo
Comes here often
‎Jul 11 2020 8:29 AM
‎Jul 11 2020 8:29 AM

Hi. I've already denied Social web & photo sharing -> Facebook in Layer 7 and also Social Networking on Content Blocking. But only the web browser based and Messenger apps get blocked. The Facebook app still goes through these filters. Any suggestions? 

0 Kudos
In response to raffygo
BlakeRichardson
Kind of a big deal
Kind of a big deal
‎Jul 12 2020 7:19 PM
‎Jul 12 2020 7:19 PM

Trying using content filtering to block the following, make sure you are not type www. at the beginning. 

 

facebook.com

fbcdn.net

fbcdn.com

 

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Kudos
In response to raffygo
shakesh
Comes here often
‎Aug 17 2020 10:21 PM
‎Aug 17 2020 10:21 PM

HI raffygo,

 

Did you achieve your goal on this, as I have the same issue and wanted to know the solution for this.

0 Kudos
Tadpole86
Getting noticed
‎Aug 20 2020 12:50 PM
‎Aug 20 2020 12:50 PM

To achieve this level of granular control you want you will struggle on the Meraki for the reasons previously outlined. You would need a firewall that supports HTTPS inspection, which basically decrypts the traffic to be able to differentiate between facebook messenger and regular Facebook. 

 

If you are having issues with blocking mobile apps it will likely be because of the quic protocol.

 

a lot of apps use the new-ish QUIC protocol which uses UDP ports 80 and 443 which does not get picked up by the content filtering rules. 

 

Once you have configured the recommended rules the QUIC traffic will get blocked by the Firewall, the app will then fall back to using traditional TLS/SSL which will be blocked by the Meraki content filtering rules.

 

Bedtime reading 🙂

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClarCAC#:~:text=Palo%20Alt...

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.