Learn about the Benefits of Multi-Factor Authentication (MFA) . Turn your MFA on now!
Information: Three minute survey on Exploring more ways to contact Sophos Technical Supportt. If you can spare the time, we would love your feedback!
We'd love to hear about it! Click here to go to the product suggestion community
when ever i turn on web protection for a rule users who can use internet through this rule can use whatsapp application on there phones or web whatsapp
i tried to make a workaround for web whatsapp and created a top rule that allow access to web whatsapp and turned off web protection and that solved web whatsapp problem
now my problem is with the application it self it wont work until i turn off the web protection
although i made exception for it in the PROTECT>Web>Exceptions and checked the log viewer and it is all green and all http and https scan & Decrypt are turned off
is there any solution for this issue ?
In reply to Michael Ploch1:
ok, that did not last long...
I had the same delay some hours ago. Messages just aren't sent without delay, if I switch to mobile data on smartphone, message is sent immediately. If I keep staying in my wifi, there is a delay about 2 minutes... more or less...
As a last step I try to deactivate all firewall policies for that device and disable pharming protection.
If problem although occurs, I would say it is not a Sophos issue, is it? Whats your opinon? What else could it be? Do you see any else options how I could debug my issue?
Thanks a lot, Michael
Try reviewing the DNS settings on the failing device.
In reply to rfcat_vk:
it is the firewall als dns and my providers dns servers.
what else can I review here? normal webbrowsing and everything else works like a charm...
Hey Michael, was going through my rules and forgot that i have specified my services for my general rule and within the services i created a whatsapp service of ports that whatsapp uses.
so for my general rule i allow https, smtp..etc
Having the same issue here whatsapp application strangely stops working for some users and sometimes for all users, I am running 17.1 tried everything and quite frankly the logs don't help at all "God I wish they didn't change how logs were implemented in UTM), anyway it seems like disabling application filter rule helped; the rule was for blocking p2p and tunneling/vpn, gaming applications and youtube and had the whatsapp allowed on the top of the rules, I ended removing the vpn/tunneling rule and the application started to work. I couldn't find any indication in the logs that can help me figure out what vpn/tunnel application was mistakenly resembles whatsapp traffic. The only solution to add them gradually and see when the issue appears again.
In reply to Christopher Moss:
Good point about the ports. https://www.quora.com/What-is-the-port-number-for-whatsapp
If that is not it, then:
Well after testing it, it was the pharming protection
I disable it and all went well, I have applied all my web and application rules again and all working fine till this moment...
So, few days later, just to be sure thats a problem in my sophos I deactivated all firewall filters and pharming protection. Just had "scan http " option active. I never had the HTTPS scan option active. Do not need that at the moment. First have to get it working without that option to lower complexity.
What shall I say, it just worked!
As a next step I will reactivate setting by setting and see what happens. I will start with activating pharming protection and will see.
I hop to drill down the problem within the next days. Depending on where it stucks, I will try to implement the ideas of the community I have heard so far..
Thank you in advance, Michael
Waiting to see your results.
okay, five days have passed and I did not have any problems with pharming protection on... Now brave enough to turn on intrusion preventien for my firewall rule and see whats happening. getting back to you...
so I turned back on my Web Policy and the error occured again...
Web Policy currently just has a default "allow all" and a rule that denies urlgroup with forbidden urls. ...
interesting enough I additionally found out that in log files for the same time stamp the error occured the web policy allows a whatsapp-URL, please see screen attached.
for the timestamps whatsapp worked as it should, NO entry in firewall web policy log does show up. Different ports are used for the activities in firewall log then.
can you help to interprete those results with me? really would appreciate ;)
ahhh, this really is annoying..
everything works perfectly if i disable my web filter policy.
but this policy only contains the following rules (see screenhot)
1: deny all links from url-group (www.example.com)
2: default allow all
how come that once I enable the web policy in my firewall whatsapp not running correctly anymore... that s*cks, to be honest. is it a bug or is the problem in front of my computer (i.e. me )
would be really glad if someone can help me out of this!
We use WhatsApp on our iPhones and it has worked fine for the past year (sending messages, voice calls and video chat). I didn't have to setup anything specific either to make it work.
I'm currently on Sophos XG 17.1.2 (MR-2) and here's an overview of my setup:
The only thing I can think of is I did setup a Web exception that skips HTTPS Decryption for a bunch of stuff (mostly because I don't want secure connections to certain sites being decrypted) that includes the "Online Chat" category, but this was done because I was having issues with another app. I also have the "Information Technology" category in this list (with a few others) because I was having issues with sending photos via iMessage unless I had this category skipping HTTPS Decryption.
I realize this probably doesn't help too much but just thought I'd provide another data point. I've removed the "Online Chat" category and I'll see if it makes any difference but it sounds like your issue is with web policies and not necessarily HTTPS decryption and scanning.
In reply to shred:
the problem came back one more time to the surface
Sounds similar but not identical.
One thing I had in mind: It always had been Android devices with that problem, no one used an iPhone...
Any ideas? I am running out of ideas, logs dont show anything on this...