This article describes how to configure a firewall rule to block traffic to Facebook.
Prerequisites
- Versa Director installed and configured.
- Make sure NGFW (Next Generation Firewall) services are enabled on the branch
To learn how to add the NGFW service on a Versa FlexVNF CPE, read this article
Configuration
- Log in to Versa Director and navigate to Configuration > Templates
- Edit the template associated with the branch by clicking it
- On the branch template navigate to Configuration > Services > Next Gen Firewall > Security > Profiles > click on URL Filtering
- Click (+) to create a new URL filtering profile
- The Edit URL Filter window pops up. Fill in the details:
- Name: Provide a name for the profile
- Click on Blacklist and set the Action to block
- In the Strings section click (+) and enter the site name (www.facebook.com)
Alternatively, specify a matching pattern in the Pattern section as a regex (the regex pattern that matches the URL string is .*facebook.*), as shown in the snapshot below
- Click OK
- Navigate to Security > Policies and click on (+) to add a new policy (if default-policy is not present)
- Click on the Rules tab
- Click on (+) to add a rule
- The Add Rule pop-up window opens
- In the Add Rule window, on the General tab, provide a name for the rule (e.g. Block_FACEBOOK_SITE).
- Then click on the Enforce tab. The rest of the tabs (Source/Destination, Headers/Schedule, Applications/URL, Users/Groups) do not need to be edited in this use case
- In the Actions section select Apply Security Profile
- Select the URL Filtering option and, from the drop-down, select the URL Filtering profile created in Steps 3 to 6 of this article.
- Click OK to complete the configuration.
Since we have done the configuration in Template mode, commit the template to the branch/branches where you want to apply this rule.
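The following is an added example, not part of the original article or Versa's code: a Python check of what the two blacklist entries from the steps above (the string www.facebook.com and the pattern .*facebook.*) cover, run over constructed URLs. It assumes the string entry is compared to the hostname exactly and that the pattern must match the whole host, path and query, with Python's re module standing in for the appliance's regex engine; HOST_ANCHORED is a hypothetical tighter pattern used only for comparison.

```python
import re
from urllib.parse import urlsplit

# The two blacklist entries given in the article's URL filtering profile.
BLACKLIST_STRING = "www.facebook.com"
BLACKLIST_PATTERN = re.compile(r".*facebook.*")
# Hypothetical tighter pattern (not from the article): facebook.com or any
# subdomain of it as the host, followed by an optional path or query.
HOST_ANCHORED = re.compile(r"(?:[a-z0-9-]+\.)*facebook\.com(?:[/?].*)?")

# Constructed sample URLs, not taken from real traffic.
SAMPLES = [
    "https://www.facebook.com/",
    "https://m.facebook.com/home",
    "https://facebook.com",
    "https://news.example/story/facebook-outage",
    "https://facebook.com.example.net/",
    "https://www.example.org/",
]

def split_url(url):
    """Return (host, host+path+query); host lowercased, scheme and port dropped."""
    parts = urlsplit(url if "://" in url else "//" + url)
    host = parts.hostname or ""
    target = host + parts.path + ("?" + parts.query if parts.query else "")
    return host, target

def evaluate(url):
    """Report which of the three rules would match this URL."""
    host, target = split_url(url)
    return {
        "string": host == BLACKLIST_STRING,  # assumption: exact host match
        "pattern": BLACKLIST_PATTERN.fullmatch(target) is not None,
        "anchored": HOST_ANCHORED.fullmatch(target) is not None,
    }

def coverage(urls):
    """Split URLs into Facebook hosts the string entry misses and
    non-Facebook URLs the broad pattern would also block."""
    missed, overblocked = [], []
    for url in urls:
        result = evaluate(url)
        if result["anchored"] and not result["string"]:
            missed.append(url)
        if result["pattern"] and not result["anchored"]:
            overblocked.append(url)
    return missed, overblocked

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, evaluate(sample))
    print(coverage(SAMPLES))
```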
Verification
To verify, connect a host behind the branch and access the Facebook URL using a browser.
The user will not be allowed to access the Facebook URL and an error is displayed in the browser.