Sophos Firewall: How to Block Whatsapp Video call

Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.

______________________________________________________________________________________________________________________________________

Overview
Configuration

Overview

This is the guide to blocking applications like WhatsApp video call features via application protection. You can similarly block many applications like dropbox, or any other VoIP, zoom, applications etc.

Configuration

Step 1: Create an Application Policy

Navigate to application > application filter and click add. Creating an application Policy, use the smart filter to filter out the application and select the action as deny:

Under the custom application policy, you can add various applications you want to allow or deny.

Step 2: Firewall Rule settings

Leave the following settings under the Firewall rule

Step 3: IPS Service running

Ensure the IPS service is running [Under the System services > Services]

Step 4: Pattern IPS

Check the pattern IPS and application signatures – ensure they are up-to-date
[Path – backup & firmware > Pattern updates]

Step 5: Using log viewer to confirm traffic is being blocked

Open Log viewer > on the right down menu, click Application filter, and initiate a WhatsApp video call – You’ll be able to see the following results below:

When you hover the mouse on the Red icon of the application filter, you’ll be able to see the information below. We can see here that the app uses the dst_port 3478 to communicate.

Note – Please delete the conntrack for the source IP initiating the Whatsapp video call On the CLI, select option 5. Device Management, then option 3. Advanced Shell Command – #conntrack -D -s <SRC IP> [use this command until “0 flow entries have been deleted”]

I hope this article has helped you achieve your requirements.