Thank you for pointing this out and I do appreciate your feedback.
I did some experiments myself here as well when the domain facebook.com was denied in the Outbound Firewall rule.
Logging into the app -> Both iOS and Android failed = they seem to be using HTTPS for authentication from the Firewall logs.
When the apps have been authenticated already in both platforms, it is difficult to maneuver around the pages for sure. (I had better luck with the app in Android for some reason although it still gave me network error message.)
Some actions seem to have been accepted although it was not always consistent. For instance, you could update your status in your profile. (Again, there were times when I needed to retry updating the status to take effect.)
The Firewall rule specifically for the domain facebook.com seems to be effective to a certain point, but it’s not a perfect solution.
The point I wanted to make here is that I wouldn’t recommend that customers rely on the Firewall rules in the Balance to block apps completely in iOS and Android devices at the moment. However, this would be a great feature to add to our Firewall.
Blocking facebook.com is pretty inconsistent and it should be facebook.* for best results. It seems like Facebook is now rolling to other domains if it can’t get out on .com.
Also, I’d really like to see a timed feature on rules. We need to block Facebook during working hours (8AM-5PM Mon-Fri)) but maybe allow it during lunch (12-1PM) and weekends. It is pretty labor intensive for someone to enable, disable, enable, disable rules every working day so they end up not doing anything…
Definitely a bug in 6.1.2, I reverted to 6.1.0 on my B30 and was able to use the wildcard then went back to 6.1.2 and it stayed though doesn’t seem to be working anymore to block Facebook…
You have explained in this post how to add wildcard i.e. domain.* for blocking domains, this will block only TLD’s, however i am looking to block sub domains & tried to add * before domain name, for example: i want to block facebook completely & would like to add *.facebook.com in the peplink device, but unfortunately peplink is not accepting * before domain name, please advise.
Note: if somehow we manage to add * before domain i.e. *.facebook.com then i think we can block facebook completely from the mobile as well…
I have Peplink 310 & the firmware version is 5.4.9 build 1564
Your earliest response will be highly appreciated.
It was five (5) months ago this bug was identified, when do you anticipate it being fixed? Also the suggestion for leading and trailing wildcards makes sense.
Please take note Web Blocking feature in Balance router only blocks Http traffics. If you need to block Https traffic, please use Outbound Firewall Rule.
I am using outbound firewall only to block facebook.com & have blocked successfully for the desktop & laptop users, but for mobile users i need to block several domains which precedes facebook.com i.e. for example (anything).facebook.com, hence is there any possibility of blocking sub domains in general using “*” or any other character or peplink doesn’t have this feature?
We just want a Facebook block that works on **all of your routers from B20/30 and up so have you tested the latest RC in this regard?? If not then please provide specific details on how to block FB and state which routers the block works on.
Once again, I requested timed rules so we can enable and disable then at certain times. I think it is well over a year since I requested this.
It doesn’t work reliably unless you block facebook.*, I think it tries different domains if it can’t connect on facebook.com though I haven’t verified that. It may be going to facebook.us, facebook.co.uk, facebook.cn, etc. and that’s why you need the wildcard. This is no different than Skype using multiple ports including port 80 which isn’t practical to block
Again, the way to block facebook is as follows assuming you are on V6.2 firmware:
In Firewall, setup “Web Blocking” to block facebook.* then setup an “Access Rule” for “Any” protocol on “Any” source IP with “Destination IP” set to “Domain” and use facebook.* again and “Deny” the traffic. Not sure why since it is https, but you need both for it to block
I’ve tested the rules schedule feature in V6.3 and it works perfectly so thank you Peplink!
Here’s an example of the rules schedule feature in the upcoming V6.3 Peplink firmware. The first thing I did was create a schedule and named it “Work Schedule”. You can either select the 30 minute cells individually or click and drag to select them continuously. This rule will apply from 8am-12pm, off until 1pm then on again from 1pm-5pm then off. You can create as many schedules as you want and apply them to any rules you setup. Definitely possible to disable all access to the staff group with this schedule and a rule:
This is my Facebook rule and all you need to do now is select the schedule in the box on the “Enable” line. It defaults to “Always On” so just hit the down arrow to see and select a schedule:
