FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
salemneaz
Staff
Staff
Article Id 360401
Description This article gives an overview of Blocking Facebook Video and Reels using Application control
Scope FortiOS 7.2 and Above
Solution

By using the Application control Signature, Facebook Videos and Reels can be blocked while surfing through the Facebook page are allowed. The signatures that are used are the 'Facebook_Video.Play' and also 'Facebook_Messenger.Video.Transfer'. These signatures only block the Videos that are transferred using the Facebook Messenger.

 

First, create an Application Control Profile as shown below:

 

1.jpg

 

Since Social Media is set to Monitoring in the All Category Field together with the Audio & Video signature, the 'Application and Filter Overrides' must be used to block the corresponding Signatures.

 

2.jpg

 

The Application Control Profile is then used in the Firewall Policy with Deep Pack Inspection.

The certificate that has been used at the deep packet inspection is downloaded and uploaded at the Windows Host machine for the certificate.

Note: Without Deep Packet Inspection, this Application Control will not work in this case.

 

3.jpg

 

The results of downloading the Certificate from the SSL Inspection Profile are shown in the screenshot below:

 

4.jpg

 

From the Security Profiles, select SSL/SSH Inspection and then select the appropriate profile, then download the CA certificate.

 

At the Windows Host, upload the certificate in the Web browser by following the steps provided below:

 

Microsoft Edge Browser is used in this example.

 

From the Options, select Security and Privacy and then scroll down to 'Manage Certificate', then upload the certificate downloaded from the FortiGate as a 'Trusted Root Certification Authority'.

 

5.jpg

 

After that, while browsing Facebook, the Videos and Reels do not appear, and nor do the Thumbnails.

 

6.jpg

 

7.jpg

 

Forward Logs and Report show Facebook Video has been blocked:

 

8.jpg

 

9.jpg

 

By using the same methodology, other Facebook functions can also be blocked such as the Facebook Like Button, Facebook Messenger, the ability to comment or post on Facebook, etc. The List of Signatures can be found from the Application Control Signature database itself.

 

10.jpg

 

Reference articles:

Technical Tip: How to check Application Control category of an application.