tino_p
Staff
Article Id 324630
Description
This article describes how to block Facebook chat while still allowing other Facebook functions such as videos and the news feed.

Scope
Facebook, FortiGate.

Solution
  1. Define the custom signatures in the GUI under Security Profiles -> Application signatures:

F-SBID( --name "Facebook_Chat.custom"; --protocol tcp; --app_cat 23; --weight 20; --service http; --flow from_client; --pattern "web-chat-e2ee.facebook.com"; --context host; --no_case; --pattern "/chat"; --context uri; --within 16,context; --depend-on 15832; --scan-range 2k,all; )

F-SBID( --name "Facebook_Chat_web_ssl.custom"; --protocol tcp; --service ssl; --pattern "web-chat-e2ee.facebook.com"; --context host; --no_case; --depend-on 15832; --scan-range 2k,all; --app_cat 23; --weight 20; )

(Screenshot: app_signature.PNG)
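As an added example (not part of the article and not Fortinet code), the following Python script parses the two F-SBID signatures above into their option and pattern clauses, then runs a simplified matcher over constructed sample requests to show which traffic the signatures catch (the chat host over plain HTTP, or its name in the TLS SNI) and which they leave alone (the news feed host, the video CDN, and a "/chat" string that sits too deep in the URI). The semantics modelled for "--within n,context" (the match must begin within the first n bytes of the context) and the treatment of "--context host" as the TLS SNI for the ssl service are assumptions about FortiGate's engine; "--depend-on", "--scan-range" and "--weight" are parsed but not enforced.

```python
import re
import shlex
from dataclasses import dataclass, field
from typing import Optional

# The two custom signatures from the article, copied verbatim.
FB_CHAT_HTTP = (
    'F-SBID( --name "Facebook_Chat.custom"; --protocol tcp; --app_cat 23; --weight 20; '
    '--service http; --flow from_client; --pattern "web-chat-e2ee.facebook.com"; '
    '--context host; --no_case; --pattern "/chat"; --context uri; --within 16,context; '
    '--depend-on 15832; --scan-range 2k,all; )'
)
FB_CHAT_SSL = (
    'F-SBID( --name "Facebook_Chat_web_ssl.custom"; --protocol tcp; --service ssl; '
    '--pattern "web-chat-e2ee.facebook.com"; --context host; --no_case; '
    '--depend-on 15832; --scan-range 2k,all; --app_cat 23; --weight 20; )'
)


@dataclass
class Pattern:
    text: str
    context: str = ""             # "host" or "uri": the buffer the pattern is searched in
    no_case: bool = False
    within: Optional[int] = None  # assumed meaning of "--within n,context": the match
                                  # must start within the first n bytes of the context


@dataclass
class Signature:
    name: str
    options: dict = field(default_factory=dict)  # protocol, service, flow, depend-on, ...
    patterns: list = field(default_factory=list)


def parse_fsbid(text: str) -> Signature:
    """Split an F-SBID( ... ) string into options and ordered pattern clauses."""
    m = re.fullmatch(r"\s*F-SBID\(\s*(.*?)\s*\)\s*", text, re.S)
    if not m:
        raise ValueError("not an F-SBID signature")
    sig = Signature(name="")
    for clause in m.group(1).split(";"):
        clause = clause.strip()
        if not clause:
            continue
        if not clause.startswith("--"):
            raise ValueError(f"malformed clause: {clause!r}")
        parts = shlex.split(clause[2:])  # shlex handles the quoted pattern values
        key, val = parts[0], (parts[1] if len(parts) > 1 else True)
        if key == "name":
            sig.name = val
        elif key == "pattern":
            sig.patterns.append(Pattern(text=val))
        elif key in ("context", "no_case", "within"):
            # These modifiers apply to the most recent --pattern, as in the article's signatures.
            if not sig.patterns:
                raise ValueError(f"--{key} given before any --pattern")
            pat = sig.patterns[-1]
            if key == "context":
                pat.context = val
            elif key == "no_case":
                pat.no_case = True
            else:
                count, _, scope = val.partition(",")
                if scope != "context":
                    raise ValueError("only the '--within n,context' form is modelled here")
                pat.within = int(count)
        else:
            sig.options[key] = val
    if not sig.name:
        raise ValueError("--name is required")
    return sig


def matches(sig: Signature, req: dict) -> bool:
    """Simplified matcher: req carries service, optional flow, host (HTTP Host or TLS SNI), uri."""
    if sig.options.get("service") != req["service"]:
        return False
    if "flow" in sig.options and sig.options["flow"] != req.get("flow"):
        return False
    for pat in sig.patterns:
        haystack, needle = req.get(pat.context, ""), pat.text
        if pat.no_case:
            haystack, needle = haystack.lower(), needle.lower()
        offset = haystack.find(needle)
        if offset < 0 or (pat.within is not None and offset > pat.within):
            return False
    return True


SIGNATURES = [parse_fsbid(FB_CHAT_HTTP), parse_fsbid(FB_CHAT_SSL)]

# Constructed sample requests (not captured traffic).
SAMPLES = {
    "chat over plain http": {"service": "http", "flow": "from_client",
                             "host": "web-chat-e2ee.facebook.com", "uri": "/chat?entrypoint=1"},
    "chat over tls (SNI)": {"service": "ssl", "host": "WEB-CHAT-E2EE.facebook.com", "uri": ""},
    "news feed": {"service": "http", "flow": "from_client", "host": "www.facebook.com", "uri": "/"},
    "video cdn": {"service": "ssl", "host": "video.xx.fbcdn.net", "uri": ""},
    "/chat too deep in the uri": {"service": "http", "flow": "from_client",
                                  "host": "web-chat-e2ee.facebook.com",
                                  "uri": "/something/long/path/chat"},
}


def blocked_by(req: dict) -> list:
    """Names of the custom signatures that would fire (and block) for this request."""
    return [s.name for s in SIGNATURES if matches(s, req)]


if __name__ == "__main__":
    for label, req in SAMPLES.items():
        print(f"{label:28} -> {blocked_by(req) or 'allowed'}")
```

The last sample is the one worth noticing: the URI does contain "/chat", but because the signature scopes that pattern with "--within 16,context", a match that only starts 20 bytes into the URI does not fire, so the signature is tighter than a plain substring check on the path.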

  2. Include the custom signatures from step 1 in the related Application Control profile. The QUIC protocol also needs to be blocked in this profile.

(Screenshot: app_profile.PNG)

  3. Define the firewall policy with the Application Control profile from step 2 and select a deep-inspection profile under SSL/SSH Inspection. Either Flow-based or Proxy-based can be chosen as the Inspection mode.

(Screenshot: fw_policy.PNG)

  4. Import the certificate used by the SSL/SSH inspection profile into the user's computer/web browser (see: Importing the certificate into web browsers).
  5. Facebook chat is now blocked in the user's browser, and the block appears in the FortiGate security logs:

(Screenshot: FB_chat.png)

(Screenshot: app_log.PNG)