Dear all,

I just create a a WEB ACCESS POLICY to block SOCIAL ACCESS like Facebook, Twitter, Linkedin etc.

But, when I turn it on, no one can access anything. All Internet traffic are blocked. I just want to know what am I doing wrong.

MY RULE PROPERTIES

• Action: DENY
• Protocol: All outbound trafic
• From: Internal and VPN Clients
• To: (see description below)
• User: All Users
• Schedule: Always
• Content Type: All contente types

I created some subnets, domain name set and url set. And I inserted all of them in my "to"

SUBNETS (all Facebook subnets)

31.13.24.0/21
31.13.64.0/19
31.13.69.0/24
31.13.72.0/24
31.13.73.0/24
31.13.75.0/24
31.13.76.0/24
31.13.77.0/24
66.220.144.0/21
66.220.152.0/21
69.63.176.0/21
69.63.176.0/24
69.63.184.0/21
69.171.224.0/20
69.171.239.0/24
69.171.240.0/20
69.171.255.0/24
74.119.76.0/22
103.4.96.0/22
173.252.64.0/19
173.252.70.0/24
204.15.20.0/22

DOMAIN NAME SET (image below)

URL SETS (IMAGE BELOW)

When I active this Policy, instead of blocking only social website traffic, all internet traffic goes down (blocked).

What am I doing

Hi,

Firstly you should check rule order.If you would like to block these urls meanwhile allow any other traffic to internet.you should create an access rule to allow all outbound and  the order number must be bigger than the deny rule you created above.

You can double check your TMG live logging to see if all traffic hit the default rule.

Best Regards

Quan Gu

Hi,

Check if you have already created a rule to allow all outbound traffic which should be above the default deny all rule present on in TMG. And the above mentioned rule must be above the rule which allows all outbound traffic. This way your objective should be achieved.

In case the problem still persists, check the TMG live logs to see which rule is applied to the outbound requests coming to TMG. That might give you an idea of whats possibly going wrong and because of which rule.

Regards,

Prajul G