XII. Firewall/Security Features

Blocking Facebook with App Enforcement

Products:
Vigor 2620Ln
Vigor 2760
Vigor 2762
Vigor 2765
Show all

Keywords:
App
App Enforcement
Facebook
Filter Rule
Show all


Blocking Facebook with App Enforcement

DrayTek's Content Security Management (CSM) capabilities include App Enforcement, which is able to block Application services and Apps on mobile devices, tablets etc, to augment the abilities of the Web Content Filter and DNS Filter.

This guide demonstrates how to implement App Enforcement on a DrayTek Vigor router to block both Facebook's website and the Facebook mobile App.
Note - we're not suggesting there's anything wrong with Facebook - this is just for example.

Step 1 - Create an APP Enforcement Profile

  • Click on an Index number to create a new profile in [CSM] > [APP Enforcement] Profile

APPE Profile List

Step 2 - Set up the details in the profile

  • Enter a Profile Name to identify the purpose of the profile
  • Choose the Facebook in the Instant Message section

Click OK to save the profile.

APPE Facebook

Step 3 - Apply the App Enforcement Profile

To apply the APP Enforcement Profile, it will need to be processed by the router's Firewall.

To set up a Firewall Filter Rule, go to [Firewall] > [Filter Setup] and click on Set 2. to modify rules in Firewall Filter Set 2, which is the first set of rules processed by the firewall (by default)

Firewall Filter Set

Step 4 - Select Firewall Filter Rule To Edit

Click on an un-used Filter Rule number i.e. Rule 2  to set up a Firewall filter rule:

Step 5 - Configure Firewall Filter Rule

Set up the Firewall Filter Rule with these settings:

1. Enable the Filter Rule
2. Select the Direction as LAN/DMZ/RT/VPN -> WAN
3. Select Schedule Profiles to apply the block only during the specified hours
4. Edit the Source IP that the App Enforcement block should apply to
5. Select Filter as Pass If No Further Match
6. Select the App Enforcement profile created in Step 2.
7. Optional: Enable the Syslog options for the router to log via Syslog when this rule is applied to traffic, blocking it

Click OK to save and apply the Firewall Filter Rule.

Firewall Filter Rule Configuration

Step 6 - Test Facebook

Once the Firewall Filter Rule applying the App Enforcement profile is configured, clients that the rule applies to (set via the Source IP in the Filter Rule) will receive this response when trying to access Facebook.

Denied

Conclusion

Once it's confirmed that a web browser is unable to access Facebook, connections from other methods such as the Facebook app should also be unable to connect. App Enforcement operates on the protocols that Facebook uses to determine which connections are going to Facebook's servers and blocks them.

With this setup, any users included in the Source IP range IP addresses (or IP Objects / Groups when those are configured) will not be able to access Facebook's website or services.


How do you rate this article?

1 1 1 1 1 1 1 1 1 1