New Member

Solved

Application control is blocking Whatsapp

Forum|Forum|8 years ago
February 3, 2018
6 replies
87829 views

I have problems with a policy where I include an application control where I block access to facebook, youtube and others, one of the applications that I allow within the control is whatsapp but it has presented problems since yesterday, the attached files are not They send and the messages are sent several minutes later, the same as when receiving. I have been doing tests and by allowing the known applications the whatsapp starts working correctly, someone could help me know what the problem is if everything was working well until yesterday that I present this inconvenient.

My device is a Fortigate 90D The only categories that I have blocked in the control of applications are: Botnet, Game, P2P, Social.Media, Update, Video/Audio and Unknown applications (now in monitor mode for whatsapp work)

The other categories are in monitor mode

Best answer by Shaun

Hi Discus,

I received the below feedback earlier today on my ticket I logged with Fortinet;

We have released improved WhatsApp signature in IPS definition version 12.315, please update the IPS definition to latest version and test again.
If the traffic about WhatsApp still detected as Facebook-Web in Forward Traffic log , please provide us a full packet capture which include the traffic, thanks.

I upgraded our IPS definition package to the latest version (12.315) and customer has confirmed it is working again with no issues. I've checked the logs, and the destinations where we were getting blocked (e6.whatsapp.net, e14.whatsapp.net, etc) which was classified as 'Facebook-Web' application traffic in the 'Unknown Applications' category, is now being seen as 'WhatsApp' application traffic within the 'Collaboration' category, which is correct.

Will continue to monitor and will revert if we pick up any issues.

rajivk

New Member

i am having the same issue with a policy where I include an application control where one of the applications that I allow is whatsapp but it has presented problems since yesterday, the attached files are not sent and the messages are sent several minutes later, the same as when receiving. I have been doing tests and by allowing the unknown applications the whatsapp starts working correctly, someone could help me know what the problem is if everything was working well until yesterday. My device is a Fortigate 400D

As of Now the Unknown applications is Monitor Mode for Whatsapp to work, which i believe is not the correct way to have in the system

Discus

New Member

I'm seeing similar problems.

WhatsApp traffic that is not correctly assigned to WhatsApp can be categorised as:

[ul]

unknown tcp/5222

unknown "Facebook-Web" - typically https traffic to IPs that have PTR records ending in ip4.static.sl-reverse.com, typically 169.x.x.x

Bittorrent. [/ul]

Obviously, allowing unknown things is a bad idea...

Sadly, my 500E is also preventing me adding custom app signatures :\

This all manifests as WhatsApp being "broken" or "slow" depending on the user that's trying it. Mine is "slow" - crazily so.

We're not doing full SSL inspection, only certificate inspection. We're in proxy, not flow mode. FortiOS 5.6.3 Maybe that's a factor?

It certainly *was* working before last weekend, so either WhatsApp changed something, or Fortigate did (or both!).

Shaun

New Member

Hi all,

Has anyone had any feedback from Fortinet regarding this issue?

I've logged a case with them to investigate as we picking up the same issue as Discuss stated above. Destination ranges from e6.whatsapp.net all the way up to e14.whatsapp.net, which is classified as a 'Facebook-Web' application within the 'Unknown' application category.

Discus

New Member

@Shaun - I also have an open case, and nothing yet beyond "we're looking into it"... :\

If *I* considered it enterprise traffic, I'd be fuming now, but it's something that people have adopted themselves (users may consider it critical...). Our official comms channels don't include it - but customers have become used to using it to contact our staff - and our staff have embraced it, despite all the goodies in GSuite etc. :\

However, it's been nearly a week now, so I expect some management push-back to come our way soon... :\

john_ngugi

New Member

Same problem.

noize88

New Member

so is there any solution?

i have followed this sol. but no luck. whatsapp not working.

https://kb.fortinet.com/kb/documentLink.do?externalID=FD37625

v6.2.1 build0932 (GA)

Application Control Signatures Version 14.00705

Device & OS Identification Version 1.00084 Internet Service Database Definitions Version 7.00143AV Definitions Version 72.00388 AV Engine Version 6.00132 Mobile Malware Version 72.00388Security Rating Package Version 2.00027

noize88

New Member

its seems from time to time it working.

but always laggy or message wont post.

birupolos

New Member

sorry -edited my post - my issue only with file transfer

https://forum.fortinet.com/tm.aspx?m=118777&tree=true

Aydenelite

New Member

I’d check if recent app control signatures started tagging WhatsApp traffic wrong. Updating signatures or creating a custom allow rule for its ports usually fixes message and file issues.

SkylarDe

New Member

It’s always a bit of a headache when the application control signature gets a bit too aggressive with WhatsApp. Usually, ensuring that both the "WhatsApp" and "WhatsApp-Web" signatures are set to allow - and checking that your SSL inspection isn't accidentally stripping out the traffic - does the trick. If you've already tried that, sometimes moving the WhatsApp-specific policy higher up in the sequence can help bypass any broader "Social Media" blocks you might have in place.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded