• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 962
  • Last Modified:

Facebook IP address ranges

Can anyone tell me the IP ranges of Facebook and its asociated sites like fbcdn.net?

I have a watchguard XTM-520 with Webblock and Application Control services and they are able to block it completely, but rather than block facebook I need to route its traffic to a lower priority line, and it cannot be made with the url names but only with IP addresses.

Also, watchguard can tell in the Hostwatch module the addresses being used by users, but they are too much to be specified one by one in a policy.

Thanks in advance.
0
A-MONTERO
Asked:
A-MONTERO
  • 4
  • 3
2 Solutions
 
Aaron TomoskyTechnology ConsultantCommented:
I just did this with my sonicwall ( it let's me use fqdn but only one wildcard level) and it was a pain just to track most of that down. Most of them go to various google and aikami sub sub domains. And each of those is an ip pool.

Anyway, if you want to try my way is to use firefox with firebug. The net tab shows all the connections when you load a page. Sort by size.  
0
 
PapertripCommented:
The amount of time and work required to first compile that list of IP's, then keep it updated, is most likely just not worth it.

Aaron's suggestion of using firebug is probably your best bet for the initial list, however keeping that maintained and updated will turn out to be a lesson in futility.
0
 
Aaron TomoskyTechnology ConsultantCommented:
I was pleasantly surprised to find this ability in my sonicwall. Maybe get a low end model just for this purpose? My tz210 was under $600
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
PapertripCommented:
Aaron do you mean the ability to use the wildcard URL's?  Yeah that would make this much much easier than having to go by IP's only...  It would probably actually make all of your time worth it ;)
0
 
Aaron TomoskyTechnology ConsultantCommented:
I did some research when I had this same problem. Dns filtering was only for blocking, squid or another proxy could do a lot, but when I stumbled on the sonicwall being able to do wildcard fqdn bandwidth management and/or blocking I had found my perfect solution. I'll pos a screenshot
0
 
Aaron TomoskyTechnology ConsultantCommented:
Basically you make an address object for each fqdn, then add them all to a group. I called mine "annoying websites". Then you make a lan->wan rule to allow these websites above the allow all. Edit the rule and enable the bandwidth management. If you want to block them entirely, you can set bandwidth to 0 or make a block rule.
Since it's a firewall rule you can make it active for any address object (ip range, single computer, subnet, etc...) So I could easily allow some computers and not others. I was really surprised I had something with this kind of power.
 sonicwall address object group sonicwall firewall rule sonicwall edit firewall rule
0
 
PapertripCommented:
Nice!
0
 
A-MONTEROAuthor Commented:
Thank you very much guys, I appreciate your help.  Very impressive the flexibility of SonicWall managing traffic, it's a shame we can't count on Watchguard to solve this.  I hope some day they do something about it.

Thank you both.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now