Restrict Facebook usage on your network with Mikrotik
1. Introduction.
In today’s world, where connectivity and social media play a fundamental role in our lives, it is important to find a balance between the proper use of these platforms and work or educational productivity. Facebook, being one of the most popular social networks among many others, can become a distraction for employees and students, affecting their performance and concentration. Therefore, it is essential to have tools that allow us to efficiently manage access to these platforms in our network or directly block Facebook completely.
Mikrotik, known for its wide range of network products and solutions, offers a reliable and effective option for managing access to Facebook in your organization.
With its powerful RouterOS operating system and advanced firewall features, Mikrotik provides the ability to block the use of Facebook in a customized manner, adapting to the specific needs of each environment..
In this new article, we will see how to use Mikrotik to limit or block access to Facebook in your network, thus optimizing productivity and ensuring access in accordance with each organization’s policies. We will also address topics such as traffic monitoring and configuring flexible rules.
>> FlashStart is a leader in competitiveness → Request a quotation or try it now
2. Increases productivity
Mikrotik and RouterOS are a powerful combination of hardware and software that allow us to perform different actions according to the policies we define.
Mikrotik offers many configuration options for blocking social networks like Facebook or limiting access to specific sites. Additionally, we have various ways to configure different rules to limit access based on schedules, increasing productivity in an organization and allowing usage within different ranges. This can be done directly from the Firewall, but it is also possible to apply it to speed queues. The latter option doesn’t block Facebook completely but allows limited traffic.
The time function can be found in the “extra” section of the Firewall.
Thanks to this option, we can block Facebook on Mikrotik based on schedules.
Remember that we can also achieve the same through a speed queue. In the next section, we will see how to effectively block Facebook using various available methods.
Filtrado avanzado: Como bloquear Facebook con Mikrotik
There are several ways to block Facebook with Mikrotik, here we summarize some of the most commonly used ones:
» Use the content filter in the Firewall.
» Use Address-List.
» Use advanced options such as TLS-Host.
Regarding the use of content, the documentation indicates that it scans the IP packet for that word within the IP payload, but we have a problem here, as most of the traffic is currently encrypted by HTTPS, so this filter would not be able to see the content of the packet, for some domains it can be really useful, but we will not rely on this first option.
>> FlashStart is totally in the cloud and easily activated → Request a quotation or try it now
3. Use Address List
Using Address lists to block Facebook with Mikrotik is a very useful option, which has been introduced in several versions of RouterOS. In the past, it only allowed the input of IP addresses or networks, but now we can also use domain names. It’s as simple as entering “Facebook.com,” for example, and the address list will automatically detect the IP addresses and add them automatically. Then, a drop rule is needed to effectively block Facebook with Mikrotik. Here’s an example:
First, we create an Address list with the domain “Facebook.com.”
As we browse, we will see that the Address list starts adding Facebook addresses, relying on DNS for that.
The last step is to create a rule to effectively block Facebook. This will be done in the filter section of the Firewall.
Remember that in the Address list, we should enter all the domains related to Facebook, such as Facebook.com, Facebook.es, fb.com, etc. This way, the blocking of Facebook in Mikrotik will be more effective. It is also advisable to use the options of protocols, ports, and interfaces to make it as specific as possible.
4. Facebook blocking with the TLS-Host option.
The last option we will explore is TLS-Host. This advanced feature in Mikrotik allows us to identify the IP addresses of a domain before the TLS handshake is initiated and traffic is encrypted. It is only necessary to specify the domain in the TLS-Host advanced option. With this, there is no need to use an address list directly. However, it is recommended not to block it directly but to add the IPs to an address list and then block the list, as shown in the previous example.
Notice that we have used “*” before and after the word “Facebook.” With this, we have defined that any word before or after “Facebook” can be identified and blocked. There is no longer a need to define multiple domains as in the previous Address list example to block Facebook with Mikrotik.
5. Traffic monitoring.
Monitoring network traffic is an essential task in the management of any modern network infrastructure. With the growing demand for resources and the need to ensure optimal performance, understanding the behavior of traffic in our network is key to making informed decisions and improving service quality. Blocking Facebook in Mikrotik is straightforward, but it is always necessary to rely on monitoring tools to ensure that everything is working correctly.
Mikrotik, with its advanced RouterOS operating system, offers a wide range of tools and functionalities to carry out this task efficiently and effectively.
One of the standout features of Mikrotik is its ability to capture and analyze data packets in real-time. This allows us to quickly identify potential performance issues, congestion, or even security threats. Additionally, Mikrotik provides us with the ability to generate detailed reports and graphs that aid in understanding the traffic behavior in our network.
Furthermore, Mikrotik offers options to configure alerts and notifications for specific events, such as excessive bandwidth usage or unauthorized access attempts.
Some of the tools available to us are:
» Torch.
» Interface graphs
» Packet Sniffer.
Any of the aforementioned tools will be useful if we aim to analyze traffic in a network.
6. FlashStart, the best DNS filtering alternative for Mikrotik.
In the current cybersecurity landscape, where online threats are constantly evolving, it is crucial to have effective and up-to-date solutions to protect our network and ensure secure internet access. Mikrotik, with its powerful RouterOS operating system, offers a variety of options to control and filter traffic in our network. However, there are times when it is necessary to rely on third-party solutions to complement and strengthen our defenses. FlashStart is one of those solutions that seamlessly integrates with Mikrotik, providing powerful DNS filtering to keep our network protected and optimized. FlashStart is a brand that carries the “Made for Mikrotik” badge, which guarantees that the solution is properly tailored for integration with Mikrotik devices.
FlashStart is a DNS-based content filtering service that focuses on online threat prevention and control of access to unwanted websites and applications. By using FlashStart together with Mikrotik, we can significantly enhance the security of our network and ensure that users only access safe and appropriate content.
In addition to its effective content filtering capabilities, FlashStart offers real-time analysis of categories and blacklists, ensuring that our network is always protected against the latest threats. It also provides intuitive reporting and analysis tools, making it easier to track and understand traffic behavior in our network. FlashStart utilizes its own artificial intelligence to detect real-time threats based on specific patterns.
As we have seen in this article, blocking Facebook with Mikrotik is really simple, but in case you have many domains, FlashStarttart will integrate with your Mikrotik network for blocking, you will be able to block Facebook directly in FlashStarttart, integrating Mikrotik.
Remember that FlashStarttart and Mikrotik work together to define various security policies, such as blocking Facebook, you can read our post on designing a firewall UTM with Mikrotik to increase the security of your network.
I hope this post has been helpful, and that you can manage your network effectively with FlashStarttart and Mikrotik.
See you in the next article!
You can activate the FlashStart® Cloud protection on any sort of Router and Firewall to secure desktop and mobile devices and IoT devices on local networks.