Allow only Facebook at Work via the ProxySG and Deny Access to Standard Facebook
Last Updated May 13, 2017
Facebook at Work is a new service from Facebook designed to allow colleagues in organizations to collaborate and network in a similar way to how Facebook users interact in ordinary Facebook:
This article describes how to allow your users access to your corporate Facebook at Work social network, while preventing them from accessing their standard Facebook account
You will need to block most Facebook requests, but allow requests to your corporate page:
As well as several other background domains necessary to display content from Facebook
SSL interception: This is a prerequisite and essential for controlling Facebook traffic as it is almost exclusively served in HTTPS.
Policy to be implemented: Here is some sample policy which according to testing allows Facebook at work for your Facebook at Work page (e.g. company.facebook.com), but blocks other facebook.com requests:
a) Create a new Web Access layer b) Create a first rule: Source: Any (or a user or group, as you wish) Destination: New > Combined Destination Object > New URL and then add each of these URLs, one at a time:
fbcdn.net company.facebook.com chat.facebook.com
With this policy, you should be able to open company.facebook.com but you will be denied opening facebook.com
Facebook at Work is a new service at the time of writing this article and as such that service subject to change.
If you have problems then you can either take a policy trace to investigate which requests are denied or you can contact technical support for further assistance. Please provide a policy trace and sysinfo when contacting support if possible, this will speed up identifying the problem
Imported Document ID: 000032183
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe