Blocking Phone Apps with Firewall Policies
For the past few days, I've been trying to block social media/streaming sites on our company network. My strategy has been to create aliases such as Social_Media_Sites and add FQDNs to the list, such as www.facebook.com, facebook.com, *.facebook.com, etc. I read somewhere that putting the FQDNs in aliases instead of directly in firewall policies is more dynamic when it comes to DNS resolution. Not sure if that's true, but it's definitely cleaner-looking. Then I create a firewall policy for each alias that denies HTTPS traffic from a specific firewall group to that alias. This has worked fine when it comes to web browsers like Chrome and Edge, even though it seems to be delayed sometimes, possibly due to DNS. The weird thing is that when using the app from my iPhone, I am still able to use certain apps even though the FQDN is blocked. For example, I am still able to send pictures on the Snapchat app even though it is blocked. I am even able to see that it's being denied and matching the policy in Traffic Manager on the Firebox. Is there something I'm missing?