Sophos Firewall: How to Block Whatsapp Video call

Disclaimer: Please contact Sophos Professional Services if you require assistance with your specific environment.

Overview

This is the guide to block application like what’s app video call feature via application protection. You can similarly block many applications like drop box, or any other VoIP, zoom, applications etc.


➢ Create an Application Policy
➢ Create Firewall rule
➢ Ensure the IPS service is running
➢ Ensure the Application and IPS patterns are up2date

Step 1: Create an Application Policy

Navigate to application > application filter and click add. Creating an application Policy, use the smart filter to filter out the application and select the action as deny:


Under the custom application policy, you can add various application you want to allow or deny.

Step 2: Firewall Rule settings

Leave the following settings under the Firewall rule

Step 3: IPS Service running

Ensure the IPS service is running [Under the System services > Services]


Step 4: Pattern IPS

Check the pattern IPS and application signatures – ensure they are up2date
[Path – backup & firmware > Pattern updates]

Step 5: Using log viewer to confirm traffic is being blocked

Open Log viewer > on the right down menu click Application filter and initiate a what’s app video call – You’ll be able to see the following results below:



When you hover the mouse on the Red icon of application filter, you’ll be able to see the information below, we can see here the what’s app uses the dst_port 3478 to communicate.


Note – Please delete the conntrack for the source IP who is initiating the what’s app video call On the CLI, select option 5. Device Management, then option 3. Advanced Shell Command – #conntrack -D -s <SRC IP> [use this command until “0 flow entries have been deleted”]

I hope this article has helped achieve your requirement!



Table of Content
[edited by: emmosophos at 10:55 PM (GMT -8) on 25 Nov 2022]