This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Free ports for WhatsApp with Proxy

Hello, 

we use a UTM 9 Version 9.506-2 and have to open the Ports for WhatsApp.

All tipps in the forum won't work for me. So i hope, that someone can help me.

I opened Port 5222, 5223, 5228-30.

Excluded the four Regex for Whatsapp...

But the communication is very unstable.

 

Anyone who has a solution?

 

Kind regards

Hendrik



This thread was automatically locked due to age.
Parents
  • Hi Hendrik,

    Do you have application control enabled? If so, you will need to allow WhatsApp.

    If it's not enabled, you will need to add WhatsApp through your Transparent Skip List if using Transparent Mode.

    If none of those methods work, please provide relevant lines from your logs for review.

    Thanks,
    Karlos

    Karlos
    Community Support Engineer | Sophos Technical Support

    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.
Reply
  • Hi Hendrik,

    Do you have application control enabled? If so, you will need to allow WhatsApp.

    If it's not enabled, you will need to add WhatsApp through your Transparent Skip List if using Transparent Mode.

    If none of those methods work, please provide relevant lines from your logs for review.

    Thanks,
    Karlos

    Karlos
    Community Support Engineer | Sophos Technical Support

    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.
Children
  • Hi Karlos, 

     

    i tried to use the Application Control, but this doesn't work.

    We use the UTM as standard Proxy. In the Application Control there is Whatsapp or Facebook an other App's listed.

    So i set this Apps to allow. But in Whatsapp there is no connection. In Facebbok, there is a connection, but no picture is downloaded in the Userfeed.

    I can't find a reason why this configuration doesn't work.

     

    Thanks 

    Hendrik

  • Hi Hendrik,

    How are you accessing Whatsapp (App or Web version)? Also, from what type of device are you accessing it from?

    Thanks,

    Karlos

    Karlos
    Community Support Engineer | Sophos Technical Support

    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.
  • Hi Karlos, 

    i use an iPhone with the App.

     

    Thank you

    Hendrik

     

  • Hi Karlos, 

    i have an addon...

    If i use a "free to Any"-rule in Firewallsettings for this iPhone i can use Whatsapp.

    Maybe there is a basic configuration failure?

    We use the UTM as Standard proxy for all items in the company.

    In the Firewallsettigns i thought i didn't need any Rule for the application control.

    Is there a rule neccessyary to use the application control?

    Thanks for reply

    Hendrik

  • Hoi Hendrik,

    "If i use a "free to Any"-rule in Firewallsettings for this iPhone i can use Whatsapp."

    This means that you need to allow other ports.  Since you're using Web Filtering in Standard mode, you will want to add the needed ports to 'Allowed Target Services' on the 'Misc' tab of Web Filtering.  Karlos' comment about Application Control was meant to be certain that you were not blocking there as AppCtrl only can be used for blocking.  See #2 in Rulz.

    Disable that "Any" rule, start the Firewall Live Log, put the IP of your iPhone in the Filter box, touch enter and watch what ports are blocked by the firewall.  If that doesn't give you the information you need, do the same thing with the Web Filtering Live Log.

    Any luck with that?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi,

    Quiet informative discussion I have came across here.

    We do have a Cyberoam 1500IA in our network which is working as a proxy for internet services. Previously the whole network is in one single VLAN and at that time we did used the IP of cyberoam as gateway while using Whatsapp.

     

    But recently we have segregated the whole network into 5 different VLANs. Now the issue is that while accessing Whatsapp from other VLANs, I cant configure it as gateway in client system. And while using it as proxy, whatsapp doesn't work. Other apps like Facebook and Twitter works fine in this mode.

     

    I am new to cyberoam and this peculiar problem.

  • While you are now using Cyberoam as a proxy (and not gateway), you should find your answer in your UTM firewall rules (especially since it starts to work when you allow everything).

    Like BAlfson said above, have a look at your firewall live log and filter the log on the IP of your iPhone while trying to connect to Whatsapp. First disable the allow everything rule. After that you can see the blocked rules in red color very easily. These are most likely also showing which outbound ports you need to open.

    In my situation I have the following ports open for Whatsapp (at least I have them specifically marked Whatsapp)

    TCP 5222, TCP 5223, UDP 3478.

    The UDP port is for calls through WA.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • Hi and welcome to the UTM Community!

    You will want to ask your question about the Cyberoam Proy in the Cyberoam Community.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA