You can block TLS or SSL traffic to any site with a decent firewall that can
preform DPI. In sonicwall this can be done by creating a custom application
object for https://fb.com, https//www.fb.com etc
The only drawback, which for us was outweighted the humongous costs DPI-SSL
service module, is that users will not get standard content filtering
message when they try to use SSL to bypass the filter -- HTTPS traffic to
that site will be simply dropped and their browser simply display a blank
page or an error (in Firefox) that "Connection was ropped".
Andrei Henriksan
andrei@stgregoryschool.org
St. Gregory College Preparatory School
Tucson, AZ
[ For info on ISED-L see https://www.gds.org/podium/default.aspx?t=128874 ]
Submissions to ISED-L are released under a creative commons, attribution, non-commercial, share-alike license.
RSS Feed, http://listserv.syr.edu/scripts/wa.exe?RSS&L=ISED-L