Allowing Facebook through Guardian

Article #:







The Facebook App may not work through Guardian due to the App using IPs that are SNI-less.


You might want to allow certain users to have access to Facebook, this may not be possible depending on the device they are using.


This article will discuss two potential solutions:

Solution 1 - Add a custom regular expression into the Transparent HTTPS incompatible sites category:

1. Add the following Regex into the Transparent HTTPS incompatible sites category:
Guardian > Policy Object > Categories
In the Categories section, expand the Standard Categories folder and edit the Transparent HTTPS incompatible sites category.
In the Manage Categories section, click Advanced and insert the following into the URL patterns section: 31\.13\.90\.(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])
2. Make sure you have set the Behaviour of your Transparent authentication (Web Proxy > Authentication > Manage policies) to either ‘Allow Transparent HTTPS incompatible sites’ or ‘Allow Transparent HTTPS incompatible sites and filter others using name from certificate’. For further information on Authentication policies, see

Note: This will allow Facebook to be used Network wide, so if you need to allow it for certain groups please follow the instructions provided in Solution 2.

Solution 2 - Whitelist the Facebook category for the group you want to give access to: Guardian > Web Filter > Policy Wizard:

Who — Staff*
What — Facebook
Where — Everywhere*
When — Always*
Action — Whitelist

* Change values based on your organizational needs.



Last updated:


Contributions by:

9th May 2018

Jonathan McKeague



Copyright © 2000-2018 Smoothwall All rights reserved.