WhatsApp Issue with Web Protection

hello everyone 


when ever i turn on web protection for a rule users who can use internet through this rule can use whatsapp application on there phones or web whatsapp

i tried to make a workaround for web whatsapp and created a top rule that allow access to web whatsapp and turned off web protection and that solved web whatsapp problem 

now my problem is with the application it self it wont work until i turn off the web protection 

although i made exception for it in the PROTECT>Web>Exceptions and checked the log viewer and it is all green and all http and https scan & Decrypt  are turned off 

is there any solution for this issue ?

thank you 

  • In reply to Michael Ploch1:

    Service All basically means every port.  Effectively allowing Service All means the firewall starts allowing everything and no longer protects as a firewall should.

    Useful for debugging, horrible for security.  Its like getting a really expensive deadbolt for your front door and then leaving your door wide open.  :)

  • In reply to Michael Dunn:

    Thank you, then I'd been right. For testing purposes I moved all WiFi Clients into a separate VLAN with its own Firewall rule on that VLAN.  Therefore I allowed all services so unfortunately this does not seem to be my solution either.

    Michael, do you think this could be related to my VLAN Setup? According to my logs I also had some default Drops (rule ID 0) with "Could not assocate packet to any connection"

    Thank you for everthing so far.

    Additionaly: I am testing with our Aruba Access Points at the moment, using a SSID that does not support Roaming accross other APs. Maybe something happens to the session during roaming and Sophos stumbles upon that. Just to exclude the Aruba I'll give that a try. Keep you updated.

  • In reply to Michael Ploch1:

    My recommendation from Sept 1 still stands.


    1) You have done a bunch of work to diagnose.  It is very hard for people in the forums to diagnose.  It is easier for Sophos Support to since you can give them direct access to your system.  Raise a ticket and pester them.


    2) Use firewall rules to bypass the proxy just for these connections.  Create FQDN Host objects for all of the whatapp domains and then put in a high level rule the has them as the destination, service any.  Traffic that is not for WhatsApp still uses your regular firewall rule with web proxy.



  • Hi guys,

    a classic case of RTFM! You cannot solve the problem within the Web Protection section. All your suggestions above DO NOT WORK!

    With the current UTM version 9.600-5, you have to solve it in the NETWORK PROTECTION section, not in the Web Protection section!



    Add a new rule that looks like:  Internal Network - whatsapp - any

    You drag and drop these three categories from the left side of the menu to the right side. whatsapp is a preconfigured setting provided by the Sophos UTM.

    Save it, activate it. 

    I use the transparent proxy mode. Pharming protection enabled.

     Whatsapp now works fast as ever, audio and video calls work, too.


     BR Alex.

  • In reply to Alexander Weinbacher:

    I thought this was for XG, not UTM?

  • In reply to Jon Bruce:

    right, but it is the same config concept for XG and for UTM.

  • In reply to Alexander Weinbacher:

    Under the XG, there is nothing to drag and drop from the left side, there are no categories under network protection - firewall. There are categories under web protection.

  • In reply to Jon Bruce:

    What rules do you have set from LAN > WAN?  As in do you have an Any > Any rule, or do you have separate rules for http, https etc...


    You will need a rule for XMPP over SSL (5223), plus 5222 and 5228 TCP ports.



  • In reply to Michael Dunn:

    I finally, after months, solved the issue:


    Go to Web Protection -> Generall Settings -> HTTPS decryption and scanning and then UNCHECK "Block unrecognized SSL protocols"

    Somewhere I read about Whatsapp using invalid SSL. Thats the point here. Wished my firewall had more clear logfiles. Impossible to work with the logfile to solve this. Thats the sad point. The lucky point is, it is working :) :) :) Finally! ;)


    Works with pharming protection on, btw. And I dont need any exceptions. You can leave "Block invalid certificates" checked.