This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WhatsApp - Application Control

I have read a number of threads about how to make WhatsApp work for devices behind a UTM which all involve creating firewall rules.

Isn't making WhatsApp work through a UTM with Application Control enabled as simple as allowing the application?

In my experience the answer to my question above is 'not reliably'.

We have application control rules to allow the application to be used by devices on our WiFi networks for mobile devices but the user experience is poor.

At times messages are sent/received immediately, however at other times messages are delayed significantly sometimes only being passed hours after they were sent.

The usual giveaway is that the device displays a notification from the WhatsApp application (on Andriod devices) saying 'Checking for new messgaes'. This appears to be a sign that there are messages waiting to be delivered to the device. Messages that are composed and sent will have a clock symbol not get the first grey tick telling you that the message has reached the platform.

If you want the message to be allowed in or out it seems you are left with two options:

  1. Wait until the UTM mysteriously allows the message(s) to be delivered to the device
  2. Disable WiFi and use the device's mobile data connection, in which case the message will immediately either egress or ingress.

Which method should I be using if I want WhatsApp to work reliably? The idea of Application Control with it's granular application definitions appeals and seems a far better approach than using firewall rules to allow connections but if it doesn't work then why include it in the product?



This thread was automatically locked due to age.
Parents
  • Typically, AppCtrl is used to block traffic.  The only time an AppCtrl Allow rule makes sense is when it is an "exception" to a later Block rule.

    The other thing that might help is #1 in Rulz (last updated 2019-04-17) - specifically to check the Intrusion Prevention log.  Any luck there?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Typically, AppCtrl is used to block traffic.  The only time an AppCtrl Allow rule makes sense is when it is an "exception" to a later Block rule.

    The other thing that might help is #1 in Rulz (last updated 2019-04-17) - specifically to check the Intrusion Prevention log.  Any luck there?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children