This article describes how to block Facebook while allowing Messenger, to use an application control profile in Firewall FortiGate.
1. On PC:
Step 1: create a new application control profile in FortiGate -> Security Profile -> Application Control.
Step 2: add application and filter overrides to allow Messenger and Facebook_Chat, and block all other Facebook signatures.
Step 3: apply the application profile in the Firewall policy, and remember to choose Deep inspection.
Step 4: download and import FortiGate's certificate into the client's PC, following this article:
On the client PC:
2. On Mobile devices.
FortiGate is unable to inspect the SSL traffic of Facebook and Facebook Messenger applications due to certificate pinning, it is impossible to differentiate the traffic between the two. Without inspecting the SSL traffic, it is impossible to block the Facebook app while allowing the Messenger app on mobile devices.