I have an issue with Facebook access. Currently, I do not Facebook block using Blue Coat PacketShaper. This is exactly what the organization wanted, but now they want to provide Facebook access only to the sales dept. Since we have an M-1250 IPS sensor, from my understanding, the IPS does deep packet inspection. Is it possible to allow Facebook based on IP subnet? For instance, subnet 10.1.1.0/23 will be able to access Facebook while subnet 10.2.2.0/23 will be denied. I have seen that we can create an ACL on the IPS; will an ACL resolve my issue?
Hi Don Juan,
I checked attack signatures and I see no signature that recognizes "Facebook Login" or something like that. Maybe you can create a UDS to do that and configure it to block. By using VIPS you can apply different policies based on CIDRs or VLANs.
An ACL may be a solution, but I guess Facebook has several IP addresses and they will change constantly, so you would have to add those IPs to the ACL, which is too difficult to manage and maintain.
I think you better buy a McAfee Web Gateway.
There are signatures in the default policy that are severity 0 that can be customized for your needs. Both are tagged as "WebApplication: Social Networking Website Access"