The only way to do that with a DFL firewall is to block the HTTPS traffic to the domain ranges used by facebook:
Create a few objects for the IP adresses
FACEBOOK_A 69.171.224.0/19
FACEBOOK_B 66.220.144.0/20
and so on.
After that, create a group that contains all those objects
IP_GP_Facebook FACEBOOK_A, FACEBOOK_B
Create a block rule before all the other rules and that should prevent the access to facebook.
Here's a suggested list of IP adresses:
http://stackoverflow.com/questions/11164672/list-of-ip-space-used-by-facebook