Allow only Facebook at Work via the ProxySG and Deny Access to Standard Facebook


Article ID: 169167


Updated On:


Advanced Secure Gateway Software - ASG ProxySG Software - SGOS


Facebook at Work is a new service from Facebook designed to allow colleagues in organizations to collaborate and network in a similar way to how Facebook users interact in ordinary Facebook:

This article describes how to allow your users access to your corporate Facebook at Work social network, while preventing them from accessing their standard Facebook account


You will need to block most Facebook requests, but allow requests to your corporate page:

As well as several other background domains necessary to display content from Facebook


SSL interception: This is a prerequisite and essential for controlling Facebook traffic as it is almost exclusively served in HTTPS. 

Policy to be implemented:
Here is some sample policy which according to testing allows Facebook at work for your Facebook at Work page (e.g., but blocks other requests:

1) Using CPL policy:

ALLOW condition=fbatwork 

define condition fbatwork (where company is your company name) 

For details about how to install CPL, have a look at this KB article:

How do I add CPL to a local policy file on the ProxySG?

2) Using VPM:

a) Create a new Web Access layer
b) Create a first rule: Source: Any (or a user or group, as you wish) Destination: New > Combined Destination Object > New URL and then add each of these URLs, one at a time: 

With this policy, you should be able to open but you will be denied opening