Hello there,
You can do it in several ways:
1/ DNS doctoring (make your SRX return 127.0.0.1 for *.facebook.com) - SRX must be inline for DNS requests-replies
This will block HTTP and HTTPS acccess to Facebook but I guess you don't need HTTP acccess to Facebook either?
2/ write an IDP policy which matches on SSL Client Hello extension "server_name" and sends a TCP RST if this extension contains "*.facebook.com"
3/ most crude method - write a prefix-list which contains Facebook prefixes (below is from whois query I executed few mins ago)
Facebook, Inc. TFBNET2 (NET-69-63-176-0-1) 69.63.176.0 - 69.63.191.255
-- and block TCP port 443 outbound towards these prefixes, using output FW filter.
As for gmail chat, I guess blocking gmail access altogether (which is over HTTPS anyway) shoul do:
Name: gmail.com
IP: 74.125.230.119, 74.125.230.117, 74.125.230.118, 74.125.230.120
HTH
Rgds
Alex