FortiGate
aabdhadi
Staff
Article Id 315836
Description This article describes a workaround to whitelist/allow the WhatsApp application download from the Windows Store using an ISDB (Internet Service Database) object.
Scope FortiOS 7.2
Solution

Situation:

  • The goal is to allow the WhatsApp application download in an environment where users can only download applications from the Windows Store.
  • Using Application Control can be challenging in some environments, because SSL deep inspection (DIP) must be applied in the same policy, and DIP requires the Fortinet SSL certificate to be installed on the user's machine.
  • In contrast, allowing an ISDB object should work as a workaround without needing to install a FortiGate certificate on the user's machine.

Below are the steps to whitelist/allow the WhatsApp application download from the 'Windows Store' with ISDB objects:

 

  1. In FortiGate, create a new policy by selecting 'Policy & Objects' -> 'Firewall Policy' -> 'Create New'.

  2. Fill in the relevant configuration, including the 'Meta-Whatsapp' and 'Microsoft-Microsoft.Update' ISDB objects as the destination.

  3. Select 'OK' to save the configuration.

     

  • The 'Meta-Whatsapp' ISDB object allows all WhatsApp domains and services identified by FortiGuard.
  • The 'Microsoft-Microsoft.Update' ISDB object allows all Windows Store domains and the download/update function identified by FortiGuard.
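
The CLI equivalent of the GUI steps above, as an added example that is not part of the original article. The policy name, the interface names 'port2' (LAN) and 'port1' (WAN), the source address, NAT and logging settings are assumptions to replace with your own values.

```fortios
# Added example: firewall policy with ISDB objects as the destination.
# Assumed values: policy name, port2 = LAN side, port1 = WAN side,
# source "all", NAT enabled, logging of all sessions.
config firewall policy
    edit 0
        set name "Allow-WhatsApp-WinStore"
        set srcintf "port2"
        set dstintf "port1"
        set action accept
        set srcaddr "all"
        # Enabling internet-service replaces dstaddr/service with ISDB entries.
        set internet-service enable
        set internet-service-name "Meta-Whatsapp" "Microsoft-Microsoft.Update"
        set schedule "always"
        set logtraffic all
        set nat enable
    next
end
```

Because FortiGate evaluates firewall policies from top to bottom, this policy needs to sit above any policy that would otherwise deny the same traffic. Narrowing 'srcaddr' to the user subnets that need the download keeps the allowance as small as possible.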

 

Related articles:

Technical Tip: Best practices for policy configuration

Technical Tip: SSL Deep Inspection basic behavior

Technical Tip: How to import a FortiGate deep SSL certificate in the system