Hi Guys

My Boss has asked me to either ban or restrict our users from accessing good ole Facebook. I have enetered Facebook into the url filter but that does not work. I am told it is because Facebook users HTTPS which bypasses any filters?

ANy help wouldbe most welcome as he reckons someone is gonna get fired for abusing it!!!

Help

a few thoughts having been in the same position (but not with a 2820)

1) Does the company have an internet acceptable use policy ? Enforce it!
2) Make it a managerial problem - not a technical one
3) Use SmartMon to report rather than be made an IT policeman
4) Let the boss fire someone as an example

Not helpful from a technical perspective I know but it might avoid you late nights and getting 'blamed' if filters dont work.

Good luck

sbv3000 wrote: a few thoughts having been in the same position (but not with a 2820)

1) Does the company have an internet acceptable use policy ? Enforce it!
2) Make it a managerial problem - not a technical one
3) Use SmartMon to report rather than be made an IT policeman
4) Let the boss fire someone as an example

Not helpful from a technical perspective I know but it might avoid you late nights and getting 'blamed' if filters dont work.

Good luck

I do wish people would post useful information!

The below should hopefully be a bit more helpful.

1.) Under Object Settings create a Keyword Object called Facebook with the word as facebook.

2.) Under Object Settings create a new Keyword Group called Facebook and add the Facebook keyword to it.

3.) Under CSM>URL Content Filter Profile create a new profile with the below settings:-
Profile Name - Facebook
Priority - Both : Block
Check Enable URL Access Control
Check Prevent web access from IP address
Click edit and add the Facebook Keyword Group

4.) Under Firewall > Filter Setup create a new rule called Block Facebook with the below settings:-
Direction - LAN>WAN
Source IP - Any
Destination IP - Any
Service Type - Any
Filter - Pass if no further match
URL Content Filter - Facebook

That should block access to facebook even if your users are clever enough to enter the IP address of facebook instead of the URL (http://69.63.184.142/).
I have just tested this and it seems to work, any problems post back and I'll see if I can help.
There will still be ways around this such as using external proxies or tunneling but you can block this also with the 2820 (Object Setting>Misc Object) although I haven't tested this aspect.

I'm of the firm belief that you should us traditional disciplinary methods to discourage the use of a site rather than banning it outright. Theres nothing I hate more than a site getting banned at work just because a single person abused their position of trust.

Most companies allow their staff to use the internet for personal reasons during breaks and at lunchtime and banning sites outright will just anger everyone else in your organisation. The people who don't abuse the privilege.

Ryster wrote: I'm of the firm belief that you should us traditional disciplinary methods to discourage the use of a site rather than banning it outright. Theres nothing I hate more than a site getting banned at work just because a single person abused their position of trust.

Most companies allow their staff to use the internet for personal reasons during breaks and at lunchtime and banning sites outright will just anger everyone else in your organisation. The people who don't abuse the privilege.

It's not just about stopping users wasting company time, it's more about securing and optimising company resources. There are few things worse than a network riddled with various malwares. I know, I've been on the rough end and had to clean things up many a time. This can, in extreme cases, close a business down which would cause many an angry employee I'm sure. Bandwidth usage should also be a priority, how annoyed would you be if at 12:30 you needed to quickly book a business trip only to find internet access so slow due to numerous users watching youtube. Facebook and the likes are primarily for leisure and business is business.
Put another way if you had a Ferrari would you let me drive it into the rough side of town and park it up for an hour or so? No, simply because you know that if not today then certainly on another day the car would be vandalised or stolen. Similarly give a bunch of users unrestricted internet access and sooner or later someone will do something that vandalises the network.

Personally, I think you're all right - have clear policies, but also using technology to re-inforce, remind, police can be useful too...and if you're talking about your children, you can't fire them