Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
______________________________________________________________________________________________________________________________________
Table of Contents
Overview
This is the guide to blocking applications like WhatsApp video call features via application protection. You can similarly block many applications like dropbox, or any other VoIP, zoom, applications etc.
Configuration
Step 1: Create an Application Policy
Navigate to application > application filter and click add. Creating an application Policy, use the smart filter to filter out the application and select the action as deny:
Under the custom application policy, you can add various applications you want to allow or deny.
Step 2: Firewall Rule settings
Leave the following settings under the Firewall rule
Step 3: IPS Service running
Ensure the IPS service is running [Under the System services > Services]
Step 4: Pattern IPS
Check the pattern IPS and application signatures – ensure they are up-to-date
[Path – backup & firmware > Pattern updates]
Step 5: Using log viewer to confirm traffic is being blocked
Open Log viewer > on the right down menu, click Application filter, and initiate a WhatsApp video call – You’ll be able to see the following results below:
When you hover the mouse on the Red icon of the application filter, you’ll be able to see the information below. We can see here that the app uses the dst_port 3478 to communicate.
Note – Please delete the conntrack for the source IP initiating the Whatsapp video call On the CLI, select option 5. Device Management, then option 3. Advanced Shell Command – #conntrack -D -s <SRC IP> [use this command until “0 flow entries have been deleted”]
I hope this article has helped you achieve your requirements.
______________________________________________________________________________________________________________________________________
Edited Grammar
[edited by: Raphael Alganes at 1:03 PM (GMT -7) on 22 Oct 2024]
