WhatsApp Issue with Web Protection

Hello everyone,

Whenever I turn on web protection for a rule, users who can use the internet through this rule can use the WhatsApp application on their phones or web WhatsApp.

I tried to make a workaround for web WhatsApp and created a top rule that allows access to web WhatsApp and turned off web protection, and that solved the web WhatsApp problem.

Now my problem is with the application itself: it won't work until I turn off the web protection,

although I made an exception for it in PROTECT > Web > Exceptions and checked the log viewer, and it is all green, and all HTTP and HTTPS scan & decrypt are turned off.

Is there any solution for this issue?

Thank you.

  • Hi guys,

    This is how I solved the problem of WhatsApp not working properly behind a Sophos UTM 9.x:

    1. READ UNTIL THE END!!!

    2. Go to: NETWORK PROTECTION - FIREWALL

    3. Add a new rule that looks like:  from "Internal Network" - service "whatsapp" - to "any"

        You drag and drop these three categories from the left side of the menu to the right side. "whatsapp" is a preconfigured setting provided by the Sophos UTM.

        Save it, activate it. 

        I use the transparent proxy mode. Pharming protection enabled.

     

    4. Add a new rule that looks like: from "Internal Network" - "TCP 5222, TCP 5223, UDP 3478" - to "any"

        That rule was key for making my setup work completely. Without it, only chat worked, and calls worked only between devices on my LAN.

    5. I've added this rule, but I am not 100% sure if it is really necessary after 4.):

        First, I did a static address mapping for my iOS devices, as these are the only ones I use for WhatsApp video/audio calls and chats.
        I want only my iOS devices to be allowed to use WhatsApp so that no attacker from outside could get through to my NAS, printer or any other devices not intended to use WhatsApp.

        Also, WhatsApp calls initiated from a device within my LAN should work to any other WhatsApp user, whether they are on the web or in my LAN, too.

        Therefore I added a new rule that looks like: from "Any" - "whatsapp" - to: <here I selected all my IOS devices that show up in the left selection menu>

     

    6. ACTIVATE all these rules with the activation button!

     

     

    WhatsApp chats via web browser from my PCs work.

    WhatsApp chat now works fast; audio and video calls work from my iOS devices, too.

    Good luck, and may you save a lot of time that I had to put in...

    BR Alex.

  • Right, but it is the same config concept for XG and for UTM.

  • Under the XG, there is nothing to drag and drop from the left side, there are no categories under network protection - firewall. There are categories under web protection.

  • What rules do you have set from LAN > WAN? As in, do you have an Any > Any rule, or do you have separate rules for HTTP, HTTPS, etc.?

    You will need a rule for XMPP over SSL (5223), plus 5222 and 5228 TCP ports.

    Tim Grantham

    Enterprise Architect & Business owner