I want to block facebook access in my local network. I have already tried with web blocking option in peplink device, but it only block the http traffic, i need to block https also. How can i block https://www.facebook.com on peplink. please advice
I would like to add that this rule is effective only when clients are using a “browser” such as IE, Firefox, Chrome.
Nowadays there are more and more Tablets out there such as an iPad and Android based device even in a business field. You won’t be able to prevent users from accessing Facebook “app” with this rule.
Whether it’s an iOS or Android device, apps are difficult to block. Just so you know…
Thanks for your greatefull repay. But we have one more issue that there is no "Domain Name " drop down option in firewall> Access Rules> Outbound Firewall Rules. There i found only these options ( Any Addrees, Single Address, Network ). Then how do i enable domain name option in outbound rule
This is a newer feature so you will want to get the latest firmware. You can download 5.4.7 firmware by registering the device at http://www.peplink.com/support/downloads/.
To better explain why this rule doesn’t work for mobile apps, the following article should help:
"While standard Layer 2 and Layer 3 firewalls prevent unauthorized access to internal and external networks, firewalls enhanced with application-level inspection examine, identify, and verify application types at Layer 7 to make sure unwanted or misbehaving application traffic doesn’t join the network. With these capabilities, the firewall can enforce endpoint user registration and authentication and provide administrative control over the use of multimedia applications. "
With the current firmware, we don’t have the ability to identify and block the mobile apps packet (Layer 7 filtering). However, it would be a good feature request. I hope this clarifies the matters.
I don’t think so. The facebook app still uses http access behind.
The mobile app will open on your mobile device, but the access will be denied. Doesn’t have to be layer 7 filtering. The access is still Layer 3.
Try and you’ll see it.
Thank you for pointing this out and I do appreciate your feedback.
I did some experiments myself here as well when the domain facebook.com was denied in the Outbound Firewall rule.
Logging into the app -> Both iOS and Android failed = they seem to be using HTTPS for authentication from the Firewall logs.
When the apps have been authenticated already in both platforms, it is difficult to maneuver around the pages for sure. (I had better luck with the app in Android for some reason although it still gave me network error message.)
Some actions seem to have been accepted although it was not always consistent. For instance, you could update your status in your profile. (Again, there were times when I needed to retry updating the status to take effect.)
The Firewall rule specifically for the domain facebook.com seems to be effective to a certain point, but it’s not a perfect solution.
The point I wanted to make here is that I wouldn’t recommend that customers rely on the Firewall rules in the Balance to block apps completely in iOS and Android devices at the moment. However, this would be a great feature to add to our Firewall.
Blocking facebook.com is pretty inconsistent and it should be facebook.* for best results. It seems like Facebook is now rolling to other domains if it can’t get out on .com.
Also, I’d really like to see a timed feature on rules. We need to block Facebook during working hours (8AM-5PM Mon-Fri)) but maybe allow it during lunch (12-1PM) and weekends. It is pretty labor intensive for someone to enable, disable, enable, disable rules every working day so they end up not doing anything…
Definitely a bug in 6.1.2, I reverted to 6.1.0 on my B30 and was able to use the wildcard then went back to 6.1.2 and it stayed though doesn’t seem to be working anymore to block Facebook…
You have explained in this post how to add wildcard i.e. domain.* for blocking domains, this will block only TLD’s, however i am looking to block sub domains & tried to add * before domain name, for example: i want to block facebook completely & would like to add *.facebook.com in the peplink device, but unfortunately peplink is not accepting * before domain name, please advise.
Note: if somehow we manage to add * before domain i.e. *.facebook.com then i think we can block facebook completely from the mobile as well…
I have Peplink 310 & the firmware version is 5.4.9 build 1564
Your earliest response will be highly appreciated.
It was five (5) months ago this bug was identified, when do you anticipate it being fixed? Also the suggestion for leading and trailing wildcards makes sense.
Please take note Web Blocking feature in Balance router only blocks Http traffics. If you need to block Https traffic, please use Outbound Firewall Rule.
I am using outbound firewall only to block facebook.com & have blocked successfully for the desktop & laptop users, but for mobile users i need to block several domains which precedes facebook.com i.e. for example (anything).facebook.com, hence is there any possibility of blocking sub domains in general using “*” or any other character or peplink doesn’t have this feature?