Staff

Technical Tip: Allow Facebook Workplace while Blocking Facebook

Forum|Forum|6 years ago
June 17, 2019
0 replies
7173 views

Description

This article describes how to configure a web filter profile on FortiGate to block access to Facebook (www.facebook.com) but allow access to Facebook's workplace.

Scope

Solution

Expectations:

Access to the Facebook website will be blocked but access to the Facebook workplace will be allowed.

Configuration:

The following is the configuration of IPv4 policy:

The following is the configuration of the web filter profile:

The 'Exempt' action for a defined URL/Wildcard/RegEx entry in the URL filter will permit the traffic to pass through the firewall without any further scanning. There will be no match against FortiGuard web filters (FortiGuard categories), Web Content Filter, or so on.

Verification:

Open a web browser and confirm that Facebook is blocked as follows:

Confirm that access to the Facebook workplace is allowed as follows:

Troubleshooting:
In this case, the test machine that is being used to replicate access to Facebook (facebook.com) and Facebook workplace (workplace.facebook.com) is 192.168.56.22.

This explains why 192.168.56.22 is used to filter the urlfilter debugging as follows:

diagnose debug reset
diagnose debug disable
diagnose debug urlfilter src-addr 192.168.56.22
diagnose debug app urlfilter -1
diagnose debug en

To stop debugging, run the following command:

diagnose debug disable

FortiGate

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded