Thread Info
  • State Not Answered
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 11 replies
  • Subscribers 5 subscribers
  • Views 39180 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos UTM 9 blocking whatsapp completly

Karim malak

I found in the webfilter log this event:

2017:08:17-17:46:47 sophos httpproxy[5727]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="POST" srcip="100.0.0.97" dstip="" user="" group="" ad_domain="" statuscode="502" cached="0" profile="REF_HttProContaInterNetwo6 (Mobiles)" filteraction="REF_HttCffAllowForEit (mobiles )" size="0" request="0xd9145600" url="http://c.whatsapp.net/chat" referer="" error="Received invalid request from client" authtime="0" dnstime="0" cattime="130" avscantime="0" fullreqtime="30038442" device="0" auth="0" ua="Mozilla/5.0 (compatible; WAChat/1.2; +www.whatsapp.com/contact)" exceptions="" category="122" reputation="neutral" categoryname="Instant Messaging"

 

any help

 

Thanks



This thread was automatically locked due to age.
Parents
  • 0

    This prior post probably has the answer.  

    There are multiple regex needed.

    Ob, how about turning that answer into a wiki post if it eorks here as well.

  • 0 in reply to DouglasFoster

    Hi,

    This is great if you actually are doing the HTTPS inspection and require that to be excluded. But I have added the device to be excluded for all web inspection both HTTP and HTTPS and it still doesn't work. Whatsapp doesn't actually use Web traffic anyway. If you read my original comment, Whatsapp actually works directly after a reboot of the firewall for about 8 minutes and then stops working after that.

    I have the following ports on a different firewall defined and working for whatsapp:

    Messaging: TCP dports 4244,5222,5223,5228,5242

    Voice call: UDP dport 3478

    Regards

  • 0 in reply to Paul Fairbank

    In transparent mode, non-standard ports bypass the proxy and are handled by firewsll ruled.  Check whether your firewall settings will allow those ports through, and check firewall logs for additional clues.

  • 0 in reply to Paul Fairbank

    Try #1 in Rulz, Paul.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply Children
No Data
Unfiltered HTML