FortiGate
jiahoong112
Staff
Article Id 215034
Description

 

This article describes an issue in FortiOS 6.4.x where neither the Telegram Desktop App nor the Web Version can be blocked by denying its ISDB (Internet Service Database) entry in the firewall policy.

This problem has been seen only in FortiOS 6.4.x, not in FortiOS 7.x.x.

FortiOS 6.4.x does not seem to have the correct ISDB entry for Telegram, even after the latest ISDB has been installed manually.

 

Scope

 

Block Telegram Web and App version on FortiOS 6.4.x.

 

Solution

 

Link to check for updated IP Range: https://ipinfo.io/AS62041#block-ranges

Telegram IP range:


149.154.160.0/22
149.154.164.0/22
91.108.4.0/22
91.108.56.0/22
91.108.8.0/22
95.161.64.0/20

1) Create each of these IP ranges as an Address object: Policy & Objects -> Addresses -> Create New. Then add all of the created addresses to a single Address Group.


2) Use it as Destination in the firewall DENY policy.


3) To block Telegram Web effectively, use the wildcard expression *telegram* in both the Web Filter and the DNS Filter, and ensure that both entries are set to Block.

To add the *telegram* wildcard expression, first enable 'Static URL Filter' in the Web Filter settings and 'Static Domain Filter' in the DNS Filter settings.
