how to block https facebook.com?

I blocked facebook.com  and youtube.com in firewall and  users cant open this sites.

but when they try to open  https://facebook.com or  https://youtube.com my block rule dont works...

how can i block https://facebook.com and Https://youtube.com ???

We use sonicwall firewall.
MirceyhunAsked:
Who is Participating?
 
digitapCommented:
you have the version right before the Early Release, which is at version 5.8.0.2-37o. Early Release is not beta and includes fixes but also features that have not been enabled yet. i've been instructed by support to install Early Release firmware to resolve issues. also, i've seen early release firmware resolve issues that were not in the release notes.

by the way, your current issue is NOT mentioned in the release notes.
0
 
wparrottCommented:
Easiest way is with the SonicWall SSL Control Feature.

Here's a link to step-by-step instructions:

http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=5853&formaction=catalert

HTH,

-W
0
 
MirceyhunAuthor Commented:
sorry... but it didnt help... (
0
Simple Misconfiguration =Network Vulnerability

In this technical webinar, AlgoSec will present several examples of common misconfigurations; including a basic device change, business application connectivity changes, and data center migrations. Learn best practices to protect your business from attack.

 
alienXenoCommented:
You can just blackhole these sites in your internal corp DNS. redirect them to some internal webserver hosting a block page  or just resolve them to 127.0.0.1.
0
 
MirceyhunAuthor Commented:
Our VIP users must be able to open Facebook and Youtube...
0
 
digitapCommented:
what model of sonicwall do you have? is it enhanced or standard OS?

i think you need to enable the following on your sonicwall: go to security services > content filter > Configure > check Enable IP based HTTPS Content Filtering.
0
 
MirceyhunAuthor Commented:
Sonicwall nsa2400

IP based HTTPS Content Filtering  enabled... but didnt help
0
 
digitapCommented:
reading through the comments again, i see some contradiction. you say in your question that you want to disable https://facebook.com, but then i see you need it opened? can you elaborate on this a little?
0
 
Akash BansalIT ProfessionalCommented:
i am having the similar issue, I have CISCO RVS4000 with protectlink security service which helps me to block web category
It blocks facebook.com but when the user put https://facebook.com it does not block the site.
I do not want to modify LMHOST on each computer.
0
 
digitapCommented:
@Mirceyhun :: doing some more looking, i discovered the KB below.

https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=3590

with that, if you use the following public IPs to suplement that check box checked in the forbidden domain, 69.63.181.12, 69.63.189.11, 69.63.189.16, i think you'll find that https://www.facebook.com will be blocked.

@BansalAkash :: Do you currently have a question open for this particular issue?
0
 
MirceyhunAuthor Commented:
Ip blocking didnt help
0
 
digitapCommented:
clarification, you need facebook blocked whether HTTP or HTTPS, right? currently, on ANY workstation, facebook for HTTP is being blocked, but ANY workstation that tries to connect at HTTPS for facebook isn't blocked, right?

so, the content filter IS working, but not for ANY HTTPS sites, right?
0
 
Akash BansalIT ProfessionalCommented:
@digitap its true in my case
No I haven't opened any case for this question
0
 
MirceyhunAuthor Commented:
@ yes you are right
0
 
digitapCommented:
ok...let's change things up a bit. review the kb below. it walks through using the application firewall. are you licensed for that?

https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=8190
0
 
MirceyhunAuthor Commented:
I tried it. but users still can access https facebook ((
0
 
digitapCommented:
something else is going on. i can't say for certain without seeing your settings. is the firmware up to date on your sonicwall? sorry, if that's already been covered.
0
 
MirceyhunAuthor Commented:
our license expired in 25.02.2011. new license will come in aprel... but i dont think that is a reason... because everythink works fine yet. and we can block sites. only https sites are problem.
0
 
digitapCommented:
i know it seems hard to believe, but you've followed all of the KBs i've posted so it the only thing left i can think of is the firmware. what version are you currently on?
0
 
MirceyhunAuthor Commented:
5.6.0.10-52 - firmvare version
0
 
MirceyhunAuthor Commented:
thanks i will try
0
 
digitapCommented:
ok...report back one way or the other. i don't want to claim the points if this wasn't the solution, although i appreciate the points.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.