Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Blocking facebook chat with asa 5520

We have a 5520, with the CSC, though without the Plus license.

We would like to block Facebook chat, without blocking the rest of Facebook.

A bunch of searching has turned up the following 3 URLs to block, so I put them into the CSC under URL Blocking.

http://www.facebook.com/ajax/chat/*

http://www.facebook.com/ajax/presence/*

http://www.facebook.com/intent.php

This is supposed to prevent outgoing messages, prevent a user from seeing other facebook users, and prevent incoming messages.

However, it doesn't do anything. As well, the places where I've seen this referenced have a following message to the effect that "this no longer works."

Facebook's support hasn't answered any requests for information on how to block chat at the firewall, just telling us how to block chat as individuals, which doesn't help.

Does anyone have any ideas? Anyone else done this?

Thanks,

Rich

6 REPLIES
Cisco Employee

Re: Blocking facebook chat with asa 5520

URL blocking should work. But, you most certainly need plus license for this to work.

Pls. refer this link has a nice table:

http://www.cisco.com/en/US/docs/security/csc/csc62/administration/guide/csc1.html#wp1053366

New Member

Re: Blocking facebook chat with asa 5520

Hi,

Im very despondent with TrencMicroCSC with new update and old update. Becasue CSC URL Filtering not working correclty. For Example Block list not working True. if the user type on the browsers address tab https://www.facebook.com site opened if users are type https://www.sssssss sites were opened.

i have got a plus lisence. anybody does not help Asa or CSC Security . approximatly we spend 15.000$ but CSC very bad card or very bad synchronization with ASA. I'm very aggrieved this situation. I'm system administrator at the government hospital in Turkey.

If these errors not get better i buy Fortigate Series Content Security.

I m not helping with Cisco or CSC card.

Please S.O.S. with ASA and bad CSC Card

System Administrator

Cisco Employee

Re: Blocking facebook chat with asa 5520

You are talking about https://

The CSC module presently can only scan 4 protocols. HTTP, SMTP, POP and FTP. These are tcp ports 80,25,110 and 21.

https is tcp port 443 that the CSC module cannot scan.

-KS

New Member

Re: Blocking facebook chat with asa 5520

How can i blocking https or facebook and facebook subdomains with 5520 rules or CSC Module??

New Member

Re: Blocking facebook chat with asa 5520

try it with regular expressions

Cisco Employee

Re: Blocking facebook chat with asa 5520

Bear in mind regex requires http inspection and the CSC is already scanning that. This may add to the latency

.

-KS

3526
Views
21
Helpful
6
Replies
CreatePlease to create content