cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Block Facebook app but allow Facebook Messenger

Highlighted
Comes here often

Block Facebook app but allow Facebook Messenger

Hi!

I've been trying to block the Facebook app on mobile phones and allow Facebook Messenger by using Layer 7 and Content filtering rules but unfortunately the Facebook app still goes through however, it is already blocked on the web browser. Facebook Messenger app is also blocked but I want it to be allowed through.

I've already tried to put some of the known URLs of Facebook on the black list and Facebook Messenger on the white list but nothing works.

 

Anybody who has been successful in doing this setup?

 

Thanks a lot!

7 REPLIES 7
Highlighted
Kind of a big deal

Re: Block Facebook app but allow Facebook Messenger

I doubt that it would work, as they are bound to use similar shared systems, such as a login system, api backend, etc.

 

If you still want to persist in the overwhelming odds of failure, do a packet capture on port 53, reboot the devices, and then access the two different systems.  Examine what DNS entries that are requested.

You might be able to come up with a set of DNS entries unique to one that you can block but still allow the other to work.

Highlighted
Comes here often

Re: Block Facebook app but allow Facebook Messenger

Okay. How about blocking the whole Facebook service? I can't seem to block the Facebook app. Any suggestions?

Highlighted
Kind of a big deal

Re: Block Facebook app but allow Facebook Messenger

Security & SD-WAN -> Firewall -> Layer 7 Firewall rules:

Deny Social web & photo sharing -> Facebook

Highlighted
Comes here often

Re: Block Facebook app but allow Facebook Messenger

Hi. I've already denied Social web & photo sharing -> Facebook in Layer 7 and also Social Networking on Content Blocking. But only the web browser based and Messenger apps get blocked. The Facebook app still goes through these filters. Any suggestions? 

Highlighted
Kind of a big deal

Re: Block Facebook app but allow Facebook Messenger

Trying using content filtering to block the following, make sure you are not type www. at the beginning. 

 

facebook.com

fbcdn.net

fbcdn.com

 

Meraki CMNO, Ruckus WISE, Sonicwall CSSA, Allied Telesis CASE & CAI
Highlighted
Just browsing

Re: Block Facebook app but allow Facebook Messenger

HI raffygo,

 

Did you achieve your goal on this, as I have the same issue and wanted to know the solution for this.

Highlighted
Getting noticed

Re: Block Facebook app but allow Facebook Messenger

To achieve this level of granular control you want you will struggle on the Meraki for the reasons previously outlined. You would need a firewall that supports HTTPS inspection, which basically decrypts the traffic to be able to differentiate between facebook messenger and regular Facebook. 

 

If you are having issues with blocking mobile apps it will likely be because of the quic protocol.

 

a lot of apps use the new-ish QUIC protocol which uses UDP ports 80 and 443 which does not get picked up by the content filtering rules. 

 

Once you have configured the recommended rules the QUIC traffic will get blocked by the Firewall, the app will then fall back to using traditional TLS/SSL which will be blocked by the Meraki content filtering rules.

 

Bedtime reading 🙂

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClarCAC#:~:text=Palo%20Alt...

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.