Disclaimer: Please contact Sophos Professional Services if you require assistance with your specific environment.
This is the guide to block application like what’s app video call feature via application protection. You can similarly block many applications like drop box, or any other VoIP, zoom, applications etc.
➢ Create an Application Policy➢ Create Firewall rule➢ Ensure the IPS service is running➢ Ensure the Application and IPS patterns are up2date
Navigate to application > application filter and click add. Creating an application Policy, use the smart filter to filter out the application and select the action as deny:Under the custom application policy, you can add various application you want to allow or deny.
Leave the following settings under the Firewall rule
Ensure the IPS service is running [Under the System services > Services]
Check the pattern IPS and application signatures – ensure they are up2date[Path – backup & firmware > Pattern updates]
Open Log viewer > on the right down menu click Application filter and initiate a what’s app video call – You’ll be able to see the following results below:When you hover the mouse on the Red icon of application filter, you’ll be able to see the information below, we can see here the what’s app uses the dst_port 3478 to communicate.Note – Please delete the conntrack for the source IP who is initiating the what’s app video call On the CLI, select option 5. Device Management, then option 3. Advanced Shell Command – #conntrack -D -s <SRC IP> [use this command until “0 flow entries have been deleted”]I hope this article has helped achieve your requirement!