AnsweredHot!Block facebook, youtube, skype and amazon

Author
duong
New Member
  • Total Posts : 4
  • Scores: 2
  • Reward points: 0
  • Joined: 2017/05/17 20:56:08
  • Status: offline
2017/05/28 19:51:29 (permalink)
0

Block facebook, youtube, skype and amazon

Hi all,
 
I am a Newbie, I using Foretigate 300D, I need block "facebook, youtube, skype, gmail and amazon" and just open some ip as required. Please help me!
 
Thanks!
#1
Sudarsan Babu
New Member
  • Total Posts : 9
  • Scores: 0
  • Reward points: 0
  • Joined: 2017/04/24 03:18:50
  • Status: offline
Re: Block facebook, youtube, skype and amazon 2017/05/28 21:41:12 (permalink)
0
Hi Duong ,
 
what Firmware version ?
 
 
#2
hmtay_FTNT
Gold Member
  • Total Posts : 183
  • Scores: 24
  • Reward points: 0
  • Joined: 2017/02/22 11:02:10
  • Status: offline
Re: Block facebook, youtube, skype and amazon 2017/06/01 09:34:19 (permalink) ☄ Helpfulby imran 2017/06/09 13:05:58
5 (2)
Hello duong,
 
You can do so with Application Control. Under Security Profiles, select a sensor that you are going to use in your policy. Add the signatures Facebook and all its children (Facebook_xxx), YouTube, Skype and Amazon and all their children into your policy. Set them to Block. 
 
Make sure that you set your policy to use that sensor and enable at least certificate-inspection. That should block the usage of those applications. 
 
HoMing
#3
duong
New Member
  • Total Posts : 4
  • Scores: 2
  • Reward points: 0
  • Joined: 2017/05/17 20:56:08
  • Status: offline
Re: Block facebook, youtube, skype and amazon 2017/06/08 19:07:14 (permalink)
5 (1)
Hi all,
 
I using Foretigate 300D, v5.4. I need your help how to allow specific ip from LAN to access facebook and youtube?.
step by step procedure would be really helpful.
 
Thanks!
post edited by duong - 2017/06/08 20:14:36
#4
hmtay_FTNT
Gold Member
  • Total Posts : 183
  • Scores: 24
  • Reward points: 0
  • Joined: 2017/02/22 11:02:10
  • Status: offline
Re: Block facebook, youtube, skype and amazon 2017/06/09 06:44:31 (permalink) ☼ Best Answerby duong 2017/06/09 09:33:01
5 (2)
Hello duong,
 
If you can contact your local support to help you, it will be the best solution since they can help you if some settings arent correct.
 
Otherwise, here are the rough steps:
 
1) Go to Policy & Objects-> Addresses. Create a new address group that includes all the IPs that you want to allow YouTube, Facebook, etc.
2) Create 2 policies in IPv4 Policy. The first one should contain the address group you created in 1) and have the signatures set to Allow. The second policy then has the signatures set to Block.
 
E.g.
edit 1
        set name "wifi"
        set uuid 361c7d7a-2413-51e6-0f0a-340c73277268
        set srcintf "wifi"
        set dstintf "wan2"
        set srcaddr "allowedip"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set logtraffic all
        set application-list "default-allow"
        set profile-protocol-options "default"
        set ssl-ssh-profile "certificate-inspection"
        set nat enable
    next
edit 2
        set name "wifi"
        set uuid 361c7d7a-2413-51e6-0f0a-340c73277268
        set srcintf "wifi"
        set dstintf "wan2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set logtraffic all
        set application-list "default-block"
        set profile-protocol-options "default"
        set ssl-ssh-profile "certificate-inspection"
        set nat enable
    next
 
Policy ID 1, since it is above 2, will have priority. And since the address group is "allowedip", it will use the application sensor "default-allow". The rest of the IP in the interface "wifi" will be under policy ID 2 and have the application sensor "default-block".
 
HoMing
#5
duong
New Member
  • Total Posts : 4
  • Scores: 2
  • Reward points: 0
  • Joined: 2017/05/17 20:56:08
  • Status: offline
Re: Block facebook, youtube, skype and amazon 2017/06/09 09:54:23 (permalink)
0
Thanks for your support! I got it, it's worked. That's great!
 
The last question, If I have 2 IPs:
 
1. xxx.xxx.xxx.xx1 access to Facebook and Youtube.
2. xxx.xxx.xxx.xx2 access to Skype and Amazon.
3. Block all.
 
- In the Addresss: I create a IP access to Facebook, Youtube and a IP access to Skype, Amazon.
 
- In the Policy: I created 3 rules:
                1. Allow IP access Facebook, Youtube and block Skype and Amazon (Block by Application).
                2. Allow IP access Skype, Amazon and block Facebook and Amazon (Block by Application).
                3. Allow access internet. (Block Facebook, Youtube, Skype and Amazon).
 
But it's not run.
 
Please...! Thanks!
post edited by duong - 2017/06/09 09:55:36
#6
hmtay_FTNT
Gold Member
  • Total Posts : 183
  • Scores: 24
  • Reward points: 0
  • Joined: 2017/02/22 11:02:10
  • Status: offline
Re: Block facebook, youtube, skype and amazon 2017/06/09 10:14:24 (permalink)
0
Hello duong,
 
That should work. Do you have the 2 policies for 1) and 2) above 3)? When you said it didnt work, did it not work for just one or both 1) and 2)?
 
HoMing
#7
duong
New Member
  • Total Posts : 4
  • Scores: 2
  • Reward points: 0
  • Joined: 2017/05/17 20:56:08
  • Status: offline
Re: Block facebook, youtube, skype and amazon 2017/06/11 19:07:47 (permalink)
0
Hi hmtay_FTNT,
 
Sorry for late reply.
 
I did create 3 rules:
 
                1. Allow IP access Facebook, Youtube and block Skype and Amazon (Block by Application).
                2. Allow IP access Skype, Amazon and block Facebook and Amazon (Block by Application).
                3. Allow access internet. (Block Facebook, Youtube, Skype and Amazon).
 
Rule 1. => OK.
Rule 2. => Not OK.
Rule 3. => OK.
 
Seem, when I create 2 or more rules with Application Control, it does not work.
 
Thanks!
#8
hmtay_FTNT
Gold Member
  • Total Posts : 183
  • Scores: 24
  • Reward points: 0
  • Joined: 2017/02/22 11:02:10
  • Status: offline
Re: Block facebook, youtube, skype and amazon 2017/06/12 09:01:21 (permalink)
0
Can you send me the configuration, pcap and Application Logs for the failed one? You can send it to my email at hmtay@fortinet.com. I can take a look at it.
#9
DingDong
New Member
  • Total Posts : 2
  • Scores: 0
  • Reward points: 0
  • Joined: 2017/07/07 01:15:06
  • Status: offline
Re: Block facebook, youtube, skype and amazon 2017/07/07 08:25:10 (permalink)
0
Create a web filter. In the web filter you can whitelist or block single URLs, IP Addresses or wildcard URLs and also block them under Security Profiles -> Web Filter -> Static URL Filter
 
Hope this helps you
#10
ThePro
New Member
  • Total Posts : 10
  • Scores: 0
  • Reward points: 0
  • Joined: 2013/11/14 17:35:30
  • Status: offline
Re: Block facebook, youtube, skype and amazon 2017/08/29 05:56:10 (permalink)
0
If I do it through Application Control it works, but through WebFiltering it does not work. Its the same Policy I just turned off Application Control on the policy and enabled Web Filter with a custom profile with URL Filter turned on and URL - 8facebook.com, Tye - Wildcard, Action - Block, Status - Enable (everything else on that profile is turned off).
 
Any pros/cons of doing it through Application Control instead of Web Filtering? When a page is blocked though Application Control is there a way to show the users a message? (Right now it just tries to keep opening the page, but it never loads. Is there a way of displaying a message like it does when WebFiltering works).
 
I would still like to know why WebFiltering is not working. Any ideas?
#11
Jump to:
© 2017 APG vNext Commercial Version 5.5