This solution applies to PC/laptops using the WhatsApp application and also the browser version of the app as both operate the same way.

WhatsApp connects to the following CDN endpoint (Wildcard should be used):

*.cdn.whatsapp.net

The above wildcard defines the Host part of the URL and the host section defines how CDN can be reached. The path (added after the host part of a URL) defines the kind/type of media that is being accessed.

For example, for image file sharing the path would be '/mms/image/. Any user trying to send or access an image to another user/group, will rely on the following URL:

*.cdn.whatsapp.net/mms/image/*

Similarly, for other media types following are the URL paths:

• Video: *.cdn.whatsapp.net/mms/video/
• Audio : *.cdn.whatsapp.net/mms/ptt/
• Image: *.cdn.whatsapp.net/mms/image/
• Document: *.cdn.whatsapp.net/mms/document/
• Sticker: *.cdn.whatsapp.net/mms/sticker/

On FortiGate static URL filter entries can be used for the above URLs to allow/block specific media types over WhatsApp.

Related article:

Technical Tip: Using a static URL filter feature to allow/block web sites