This article describes how to block Facebook chat while still allowing other functions such as videos, news feeds…
Scope
Facebook, FortiGate.
Solution
Step 1: Define the custom signatures in the GUI under Security Profiles > Application signatures:
F-SBID( --name "Facebook_Chat.custom"; --protocol tcp; --app_cat 23; --weight 20; --service http; --flow from_client; --pattern "web-chat-e2ee.facebook.com"; --context host; --no_case; --pattern "/chat"; --context uri; --within 16,context; --depend-on 15832; --scan-range 2k,all; )
F-SBID( --name "Facebook_Chat_web_ssl.custom"; --protocol tcp; --service ssl; --pattern "web-chat-e2ee.facebook.com"; --context host; --no_case; --depend-on 15832; --scan-range 2k,all; --app_cat 23; --weight 20; )
Step 2: Include the custom signatures (step 1) in the relevant Application Control profile. The QUIC protocol must also be disabled.
Step 3: Define the firewall policy with the Application Control profile (step 2) and choose Deep-inspection in SSL/SSH inspection. Either Flow-based or Proxy-based can be chosen in Inspection mode.
Step 4: Import the certificate used in the SSL/SSH inspection profile into the user’s computer/web browser (see: Importing the certificate into web browsers).
Step 5: Facebook chat is now blocked in the user’s browser, and the block is recorded in the FortiGate security logs.
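The Python script below is an added example, not part of the original article and not Fortinet code. It parses the two Step 1 signatures, groups each pattern with its modifiers for review, and reports that both match TCP only, so QUIC (UDP) falls outside them, which is the gap Step 2 closes. The function names are this example's own, and it assumes that --context, --no_case and --within bind to the preceding --pattern.

```python
import re

# The two signatures from Step 1, copied from the page as one run-together string.
SIGNATURES = (
    'F-SBID( --name "Facebook_Chat.custom"; --protocol tcp; --app_cat 23; --weight 20; '
    '--service http; --flow from_client; --pattern "web-chat-e2ee.facebook.com"; '
    '--context host; --no_case; --pattern "/chat"; --context uri; --within 16,context; '
    '--depend-on 15832; --scan-range 2k,all; ) '
    'F-SBID( --name "Facebook_Chat_web_ssl.custom"; --protocol tcp; --service ssl; '
    '--pattern "web-chat-e2ee.facebook.com"; --context host; --no_case; '
    '--depend-on 15832; --scan-range 2k,all; --app_cat 23; --weight 20; )'
)

# One "--option [value];" item; a quoted value may itself contain ';' or ')'.
OPTION = re.compile(r'\s*--([\w-]+)\s*("(?:[^"\\]|\\.)*"|[^;"]*)\s*;')
MODIFIERS = {"context", "no_case", "within"}  # assumption: bind to the preceding --pattern

def parse_signatures(text):
    """Return one ordered [(option, value), ...] list per F-SBID( ... ) block."""
    sigs, pos = [], 0
    while (start := text.find("F-SBID(", pos)) != -1:
        pos, opts = start + len("F-SBID("), []
        while m := OPTION.match(text, pos):
            opts.append((m.group(1), m.group(2).strip().strip('"')))
            pos = m.end()
        if not text[pos:].lstrip().startswith(")"):
            raise ValueError(f"malformed signature at offset {start}")
        sigs.append(opts)
    return sigs

def summarize(opts):
    """Group pattern modifiers under their pattern; keep other options as plain keys."""
    sig = {"patterns": []}
    for key, val in opts:
        if key == "pattern":
            sig["patterns"].append({"pattern": val})
        elif key in MODIFIERS and sig["patterns"]:
            sig["patterns"][-1][key] = val or True  # flag options carry no value
        else:
            sig[key] = val
    return sig

def review(text):
    """Return (summaries, findings) to check before pasting signatures into the GUI."""
    sigs = [summarize(o) for o in parse_signatures(text)]
    findings = [f"{s.get('name')}: pattern {p['pattern']!r} has no --context"
                for s in sigs for p in s["patterns"] if "context" not in p]
    if sigs and all(s.get("protocol") == "tcp" for s in sigs):
        findings.append("all signatures are tcp-only: QUIC (UDP) is not matched by them")
    return sigs, findings
```

Calling `review(SIGNATURES)` returns the two parsed signatures and a single finding about QUIC coverage.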