This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WhatsApp Issue with Web Protection

hello everyone 

 

when ever i turn on web protection for a rule users who can use internet through this rule can use whatsapp application on there phones or web whatsapp

i tried to make a workaround for web whatsapp and created a top rule that allow access to web whatsapp and turned off web protection and that solved web whatsapp problem 

now my problem is with the application it self it wont work until i turn off the web protection 

although i made exception for it in the PROTECT>Web>Exceptions and checked the log viewer and it is all green and all http and https scan & Decrypt  are turned off 

is there any solution for this issue ?

thank you 



This thread was automatically locked due to age.
Parents
  • M.Hegazy,

    create a web exception with this urls:

    ^([A-Za-z0-9.-]*\.)?whatsapp\.com
    ^([A-Za-z0-9.-]*\.)?whatsapp\.net
    ^([A-Za-z0-9.-]*\.)?50\.22\.19[2-9]\.
    ^([A-Za-z0-9.-]*\.)?50\.22\.2[0-5][0-5]\.

    ^([A-Za-z0-9.-]*\.)?whatsapp\.net\.?/

    Here the image. In my case works. I use decrypt and scan on my XG.

    Regards

  • Hi

    i solved whatsapp application issue yesterday

    i dont use "Any" as service

    the problem solved when i added whatsapp application ports and both of them were working till this morning

    but couple hours ago the QR code came to the surface again

    any idea why this strange behavior from the firewall??

  • problem is finally solved

    it was related to "Enable Pharming Protection" option in web protection

    i had to diable it to get it work

  • We had a similar problem with Snapchat, where it was connecting to an IP using a hostname that did not resolve (pharming protection tries to resolve again).  We fixed it for unresolvable, but if an app actively lies about who it is connecting to....

    One solution (IIRC) is if you can debug the underlying host and IP that it is failing on you can create a Host-to-IP mapping that overrides DNS.  Then Pharming protection continues to work.

     

  • Finally I managed to reply in that Forum .. my first Post here :) I have the same problem. could you please instruct me what to do? I am not sure what you are meaning with IIRC and ceate a host-to-ip-mapping that overrides dns. where / how do I do it?

    Could you provide me some help? Would be greateful!

    Is it in DNS section or Hosts&Services?

    Thank you all

    Michael

  • Hey guys, also had this issue and after adding the exception list i still did not work. i turned off pharming protection and still did not work. I finally got it to work by going into the web policy and adding a rule with the category voice and video calls and allowing it. Also move the rule to the top of the list as the web policy reads like a ACL. Also i have pharming protection enabled. I am running a 125 with 17.1.1 firmware. Hope this helps.

  • Depending on the situation there are two possible causes
     
    1)
    The application is trying to connect to an IP Address, and send a GET containing a hostname that does not resolve to the same IP.  I think that we have seen this on WhatsApp and SnapChat. 
    This caused a problem when Pharming Protection was enabled.
    There is a workaround by putting in your own resolution, under Network \ DNS \ DNS Host Entry
    If turning off Pharming Protection does not resolve the problem, then this is not the issue.
    If I recall correctly (IIRC) we put in a fix several months ago that should resolve this.  If you are running 17.1 and still have this issue which is related to Pharming Protection, please let me know.
     
    2)
    You have some other more common permission problem (like Christopher Moss).  Take a look at the logs and find out what is blocked and why.  For example maybe it is being blocked due to a File Type.  Modify the Web Policy to put in a higher level rule that allows it, or create an exception (see examples above) that bypasses policy.  Rules are implemented as ACL (Access Control Lists) and are read top to bottom.
  • thank you for response.

    as soon as I disable the pharming protection, things seem to work. Indeed for me it is whatsapp starting to delay extremely once I enable pharming protection again.

    I am still testing. I will test both above ways (Christopher Moss and Michael Dunn). It will take some days because I have to await user feedback and check on my own! Will get back to you for sure.

    Yes, I am running 17.1.1 MR-1

     

    edit: had the wrong name in () above...

  • alright, today I had the same issue again, even with pharming protection disabled. I honestly thought that could be the right direction, but it is not. on the 5 day that already known delay in whatsapp occured again. sending is really delayed and if I would receive a message, whatsapp just tells me "you may have new messages".

     

    so if I understand you correctly dns entry and pharming protection is not my way to go. now I will try activate pharming protection and try Christophers way. keep you updated.

    what wonders me is, why sometimes whatsapp has that delay, and sometimes it works as usual.... i cannot find anything blocked in the firewall for that user, only allowed entries in the log around that time stamp...

  • Also Michael, i have Whatsapp allowed in my application filter. If you are using a application filter you might want to allow Whatsapp also. 

     

  • I already did, but solely this does not help.

    Die try it with your Suggestion in web filtering and have to see how it behaves now. Debugging is pretty difficult since log files do not point it out clearly...

  • Hey Michael, just wanted you to have your application policy with the Whatsapp rule in conjunction with the web policy setting i mentioned. That's what worked for me.

     

    This is the web policy i mentioned.

     

    make sure video and voice are on top of the web policy and all actions are allowed. and then make sure your application filter has all the Whatsapp criteria allowed.

Reply
  • Hey Michael, just wanted you to have your application policy with the Whatsapp rule in conjunction with the web policy setting i mentioned. That's what worked for me.

     

    This is the web policy i mentioned.

     

    make sure video and voice are on top of the web policy and all actions are allowed. and then make sure your application filter has all the Whatsapp criteria allowed.

Children
  • Yep, i Had allow all in web Policy ans added your rule in Addition. I Always had the Applikation rule running.

    Will geht Back to you once either the Error occurs again or it worked for some days...

  • ok, that did not last long...

    I had the same delay some hours ago. Messages just aren't sent without delay, if I switch to mobile data on smartphone, message is sent immediately. If I keep staying in my wifi, there is a delay about 2 minutes... more or less...

     

    As a last step I try to deactivate all firewall policies for that device and disable pharming protection.

    If problem although occurs, I would say it is not a Sophos issue, is it? Whats your opinon? What else could it be? Do you see any else options how I could debug my issue?

    Thanks a lot, Michael

  • Hi,

    Try reviewing the DNS settings on the failing device.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • it is the firewall als dns and my providers dns servers.

    what else can I review here? normal webbrowsing and everything else works like a charm...

  • Hey Michael, was going through my rules and forgot that i have specified my services for my general rule and within the services i created a whatsapp service of ports that whatsapp uses.

     

    so for my general rule i allow https, smtp..etc

  • Good point about the ports.  https://www.quora.com/What-is-the-port-number-for-whatsapp

     

    If that is not it, then:


    The problem could be something with web browsing (eg HTTP or HTTPS).  However it could also be DNS timeout or something on some custom ports it uses.  It can be hard to tell, especially since it is hard to packet capture on a mobile device.
     
    Are you doing HTTPS Decryption?  If you are, maybe the app does not like the CA.  You can try disabling it in the firewall rule or in an exception.
     
    If you temporarily put in a high level firewall rule for Source Any Destination Any Service Any with no malware protection or application or web policies (basically super wide open) does that resolve the issue?  If so, then start closing the rule to where is starts being slow.
  • Well after testing it, it was the pharming protection

    I disable it and all went well, I have applied all my web and application rules again and all working fine till this moment...

  • So, few days later, just to be sure thats a problem in my sophos I deactivated all firewall filters and pharming protection. Just had "scan http " option active. I never had the HTTPS scan option active. Do not need that at the moment. First have to get it working without that option to lower complexity.

    What shall I say, it just worked!

    As a next step I will reactivate setting by setting and see what happens. I will start with activating pharming protection and will see.

    I hop to drill down the problem within the next days. Depending on where it stucks, I will try to implement the ideas of the community I have heard so far..

    Thank you in advance, Michael

  • okay, five days have passed and I did not have any problems with pharming protection on... Now brave enough to turn on intrusion preventien for my firewall rule and see whats happening. getting back to you...