This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos UTM 9 blocking whatsapp completly

I found in the webfilter log this event:

2017:08:17-17:46:47 sophos httpproxy[5727]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="POST" srcip="100.0.0.97" dstip="" user="" group="" ad_domain="" statuscode="502" cached="0" profile="REF_HttProContaInterNetwo6 (Mobiles)" filteraction="REF_HttCffAllowForEit (mobiles )" size="0" request="0xd9145600" url="http://c.whatsapp.net/chat" referer="" error="Received invalid request from client" authtime="0" dnstime="0" cattime="130" avscantime="0" fullreqtime="30038442" device="0" auth="0" ua="Mozilla/5.0 (compatible; WAChat/1.2; +www.whatsapp.com/contact)" exceptions="" category="122" reputation="neutral" categoryname="Instant Messaging"

 

any help

 

Thanks



This thread was automatically locked due to age.
Parents
  • This prior post probably has the answer.  

    There are multiple regex needed.

    Ob, how about turning that answer into a wiki post if it eorks here as well.

  • Hi,

    This is great if you actually are doing the HTTPS inspection and require that to be excluded. But I have added the device to be excluded for all web inspection both HTTP and HTTPS and it still doesn't work. Whatsapp doesn't actually use Web traffic anyway. If you read my original comment, Whatsapp actually works directly after a reboot of the firewall for about 8 minutes and then stops working after that.

    I have the following ports on a different firewall defined and working for whatsapp:

    Messaging: TCP dports 4244,5222,5223,5228,5242

    Voice call: UDP dport 3478

    Regards

  • In transparent mode, non-standard ports bypass the proxy and are handled by firewsll ruled.  Check whether your firewall settings will allow those ports through, and check firewall logs for additional clues.

Reply Children
No Data